<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="ctl00_Html1" xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-us"><head id="ctl00_Head1"><!-- 0609 -->





<link href="ms977327.aspx_files/global.css" rel="stylesheet" type="text/css">
<script language="javascript" type="text/javascript" src="ms977327.aspx_files/broker.js"></script><script language="JavaScript" src="ms977327.aspx_files/SiteRecruit_PageConfiguration_p10828145mt-3332mt.js"></script>

    <script type="text/javascript">
      <!--
      function GetLocalTimeOffset()
      {
        var now = new Date();
        var date1 = new Date(now.getFullYear(), 0, 1, 0, 0, 0, 0);
        var temp = date1.toGMTString();
        var date2 = new Date(temp.substring(0, temp.lastIndexOf(" ")-1));
        var hoursDiffStdTime = (date1 - date2) / (1000 * 60 * 60);
        setCookie("timeZone", hoursDiffStdTime, 0); 
      }

      function setCookie(name,value,days) {
        if (days && days > 0) {
          var date = new Date();
          date.setTime(date.getTime()+(days*24*60*60*1000));
          var expires = "; expires="+date.toGMTString();
        }
        else var expires = "";
          document.cookie = name+"="+value+expires+"; path=/";
      }
       GetLocalTimeOffset();
      //-->
    </script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="ms.locale" content="en-us">
<meta name="robots" content="NOINDEX,NOFOLLOW">
<meta name="MN" content="956-5:16:12 AM"><meta name="MSHKeywordA" content="understw">
<meta name="Search.MSHKeywordA" content="understw">
<meta name="MSHKeywordK" content="WS-Security">
<meta name="Search.MSHKeywordK" content="WS-Security">
<meta name="MSHKeywordA" content="understw">
<meta name="Search.MSHKeywordA" content="understw">
<meta name="MSHAttr" content="DocSetTitle:Web Services Security Technical Articles">
<meta name="Search.DocSetTitle" content="Web Services Security Technical Articles">
<meta name="MSHAttr" content="DocSetRoot:ms977327">
<meta name="Search.DocSetRoot" content="ms977327">
<meta name="MSHAttr" content="Description:Use WS-Security to embed security within the SOAP message itself. Explore these concerns with WS-Security addresses: authentication, signatures, and encryption.">
<meta name="Search.Description" content="Use WS-Security to embed security within the SOAP message itself. Explore these concerns with WS-Security addresses: authentication, signatures, and encryption.">
<meta name="MSHAttr" content="DevLang:XML">
<meta name="Search.DevLang" content="XML">
<meta name="MSHAttr" content="DevLangVers:kbXML">
<meta name="Search.DevLangVers" content="kbXML">
<meta name="MSHAttr" content="DocSet:kbmsdn">
<meta name="Search.DocSet" content="kbmsdn">
<meta name="MSHAttr" content="HostCPU:kbx86">
<meta name="Search.HostCPU" content="kbx86">
<meta name="MSHAttr" content="HostOS:Windows">
<meta name="Search.HostOS" content="Windows">
<meta name="MSHAttr" content="HostOSVers:kbWinOS">
<meta name="Search.HostOSVers" content="kbWinOS">
<meta name="MSHAttr" content="Locale:kbEnglish">
<meta name="Search.Locale" content="kbEnglish">
<meta name="MSHAttr" content="Media:kbText">
<meta name="Search.Media" content="kbText">
<meta name="MSHAttr" content="Product:kbwindows">
<meta name="Search.Product" content="kbwindows">
<meta name="MSHAttr" content="ProductVers:kbwindows">
<meta name="Search.ProductVers" content="kbwindows">
<meta name="MSHAttr" content="Status:New">
<meta name="Search.Status" content="New">
<meta name="MSHAttr" content="TargetCPU:kbx86">
<meta name="Search.TargetCPU" content="kbx86">
<meta name="MSHAttr" content="TargetOS:Windows">
<meta name="Search.TargetOS" content="Windows">
<meta name="MSHAttr" content="TargetOSVers:kbWinOS">
<meta name="Search.TargetOSVers" content="kbWinOS">
<meta name="MSHAttr" content="Technology:IE">
<meta name="Search.Technology" content="IE">
<meta name="MSHAttr" content="Technology:XML">
<meta name="Search.Technology" content="XML">
<meta name="MSHAttr" content="Technology:Security">
<meta name="Search.Technology" content="Security">
<meta name="MSHAttr" content="TechnologyVers:kbSecurity">
<meta name="Search.TechnologyVers" content="kbSecurity">
<meta name="MSHAttr" content="Technology:WebServices">
<meta name="Search.Technology" content="WebServices">
<meta name="MSHAttr" content="TechnologyVers:kbWebServices">
<meta name="Search.TechnologyVers" content="kbWebServices">
<meta name="MSHAttr" content="TopicType:kbArticle">
<meta name="Search.TopicType" content="kbArticle">
<meta name="Search.MScategory" content="ms123401">
<meta name="MSHAttr" content="MScategory:ms310249">
<meta name="Search.MScategory" content="ms310249">
<meta name="MSHAttr" content="MScategory:ms310241">
<meta name="Search.MScategory" content="ms310241">
<meta name="MSHAttr" content="MScategory:aa139615">
<meta name="Search.MScategory" content="aa139615">
<meta name="MSHAttr" content="MScategory:aa139641">
<meta name="Search.MScategory" content="aa139641">
<meta name="MSHAttr" content="MScategory:ms950421">
<meta name="Search.MScategory" content="ms950421">
<meta name="MSHAttr" content="MScategory:ms951274">
<meta name="Search.MScategory" content="ms951274">
<meta name="MSHAttr" content="MScategory:ms951214">
<meta name="Search.MScategory" content="ms951214">
<meta name="MSHAttr" content="MScategory:aa186014">
<meta name="Search.MScategory" content="aa186014">
<meta name="MSHAttr" content="MScategory:ms977327">
<meta name="Search.MScategory" content="ms977327">
<meta name="MSHAttr" content="ShippedIn:MSDN.10">
<meta name="Search.ShippedIn" content="MSDN10">
<meta name="MSHAttr" content="OnlineHelp:VS2005">
<meta name="Search.OnlineHelp" content="VS2005">
<meta name="Search.ShortId" content="ms977327">
<link rel="stylesheet" type="text/css" href="ms977327.aspx_files/TobagoDeepTreePageType_master.css">
<link rel="alternate" media="print" href="http://msdn2.microsoft.com/en-us/library/ms977327%28d=printer%29.aspx">
<link rel="stylesheet" type="text/css" href="ms977327.aspx_files/css.css">
<script src="ms977327.aspx_files/js.js" type="text/javascript"></script><!--[if IE]>
   <style>
        pre { white-space: normal; }
	    body {overflow-x:auto}
        .contentPanel {right:-17px;overflow:scroll ! important;padding: 0px 0px 0px 0px ! important;}
	    .RightPanel { margin-right:-15px;}
   </style><![endif]--><title>Understanding WS-Security</title>

    
    
<style type="text/css">
	.ctl00_NavigationTabStrip_ScopeMenu_0 { background-color:white;visibility:hidden;display:none;position:absolute;left:0px;top:0px; }
	.ctl00_NavigationTabStrip_ScopeMenu_1 { text-decoration:none; }
	.ctl00_NavigationTabStrip_ScopeMenu_2 { height:22px;width:16px; }
	.ctl00_NavigationTabStrip_ScopeMenu_3 { border-style:none; }
	.ctl00_NavigationTabStrip_ScopeMenu_4 {  }
	.ctl00_NavigationTabStrip_ScopeMenu_5 {  }
	.ctl00_NavigationTabStrip_ScopeMenu_6 { border-style:none; }
	.ctl00_NavigationTabStrip_ScopeMenu_7 {  }
	.ctl00_NavigationTabStrip_ScopeMenu_8 { border-style:none; }
	.ctl00_NavigationTabStrip_ScopeMenu_9 {  }

</style><style type="text/css">
    #InThisSectionContainer, td.tabOn
    {
      background-color: #DD7C3B;
    }
    #LibraryDivider, #PortalDivider
    {
        border-color: #DD7C3B;
    }
    td.tabOff A:hover
    {
      background-color: #E7A476;
    }
    td.tabOn
    {
       border-bottom: solid 1px #DD7C3B;
    }
    .SecLinkSpacer
    {
       color: #F69554
    }
    #InThisSubSectionContainer .SecLinkSpacer
    {
       color: silver;
    }
  </style></head><body id="ctl00_MTPS_Body" onload="DoControlSetup(); windowLoaded(event); document.body.onresize=FetchResizableAreaCells; window.onresize=FetchResizableAreaCells;; SetFilterText(); CheckDropDownClientCookie(); ">
    <form name="aspnetForm" method="post" action="ms977327.aspx" id="aspnetForm">
<div>
<input name="__EVENTTARGET" id="__EVENTTARGET" value="" type="hidden">
<input name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" type="hidden">
<input name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUBMA9kFgJmD2QWAgIBD2QWAgIDDxYCHgZvbmxvYWQFrwFEb0NvbnRyb2xTZXR1cCgpOyB3aW5kb3dMb2FkZWQoZXZlbnQpOyBkb2N1bWVudC5ib2R5Lm9ucmVzaXplPUZldGNoUmVzaXphYmxlQXJlYUNlbGxzOyB3aW5kb3cub25yZXNpemU9RmV0Y2hSZXNpemFibGVBcmVhQ2VsbHM7OyBTZXRGaWx0ZXJUZXh0KCk7IENoZWNrRHJvcERvd25DbGllbnRDb29raWUoKTsgFgICAQ9kFgQCAw9kFgYCAw9kFgICBQ9kFgJmD2QWAmYPZBYCZg8PFgYeCENzc0NsYXNzBR9RdWlja0xpbmtzRmx5b3V0U3RhdGljTGlua19tc2RuHgdUb29sVGlwBRlNaWNyb3NvZnQuY29tIFF1aWNrIExpbmtzHgRfIVNCAgJkZAIFD2QWAmYPZBYGAgEPDxYCHwIFC1NlYXJjaCBNU0ROZGQCAg8PFgIfAgUUQ2xpY2sgaGVyZSB0byBzZWFyY2hkZAIDDzwrAA0CAA8WBB8BBQ9zY29wZUFycm93X21zZG4fAwICZAwUKwACBQMwOjAUKwACFgQeBFRleHQFBiZuYnNwOx4FVmFsdWVlFCsABAULMDowLDA6MSwwOjIUKwACFgYfBAULU2VhcmNoIE1TRE4fBQUCMDAeCFNlbGVjdGVkZ2QUKwACFgQfBAUUU2VhcmNoIE1pY3Jvc29mdC5jb20fBQUDMTA1ZBQrAAIWBB8EBQtMaXZlIFNlYXJjaB8FBQMxMTVkZAIHD2QWAgIBD2QWAgIBD2QWAgIBD2QWBAIBD2QWBgIBDw8WBB4LTmF2aWdhdGVVcmwFQWh0dHA6Ly9tc2RuMi5taWNyb3NvZnQuY29tL2VuLXVzL2xpYnJhcnkvbXM5NzczMjcoZD1wcmludGVyKS5hc3B4HwIFElByaW50IFRoaXMgQ29udGVudBYCHgdvbmNsaWNrBWBqYXZhc2NyaXB0OiBXZWJGb3JtX0RvQ2FsbGJhY2soJ2N0bDAwJHRiMScsJ3ByaW50ZXJGcmllbmRseVBhZ2UnLEdldFNlcnZlckRhdGEsbnVsbCxudWxsLGZhbHNlKTsWAgICDxYCHwQFGFByaW50ZXIgRnJpZW5kbHkgVmVyc2lvbmQCAw8PFgIeB1Zpc2libGVoZGQCBQ8PFgQfBwWeAW1haWx0bzo/c3ViamVjdD1VbmRlcnN0YW5kaW5nIFdTLVNlY3VyaXR5JmJvZHk9VGhpcyBVUkwgcG9pbnRzIHRvIGEgcGFnZSBvbiBNU0ROIHRoYXQgbWF5IGludGVyZXN0IHlvdTogaHR0cDovL21zZG4yLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS9tczk3NzMyNy5hc3B4HwIFEVNlbmQgVGhpcyBDb250ZW50FgIfCAVZamF2YXNjcmlwdDogV2ViRm9ybV9Eb0NhbGxiYWNrKCdjdGwwMCR0YjEnLCdzZW5kVGhpc1BhZ2UnLEdldFNlcnZlckRhdGEsbnVsbCxudWxsLGZhbHNlKTsWAgICDxYCHwQFBFNlbmRkAgMPZBYCZg9kFgICAQ9kFgICAQ9kFgRmD2QWAmYPDxYCHwIFOFR1cm4gc2NyaXB0aW5nIG9uICB0byBzdWJtaXQgYSByYXRpbmcgYW5kIHNlbmQgZmVlZGJhY2suZBYEAgEPDxYCHwQFH0NsaWNrIHRvIFJhdGUgYW5kIEdpdmUgRmVlZGJhY2tkZAIDDxYCHwgFWmlmKCRnZXQoJ2N0bDAwX3RiMV9GbHlvdXRfdGJDb21tZW50cycpIT1udWxsKSAkZ2V0KCdjdGwwMF90YjFfRmx5b3V0X3RiQ29tbWVudHMnKS5mb2N1cygpOxYCAgEPZBYCZg8WBh4KQ2FsbGJhY2tJRAUYY3RsMDAkdGIxJEZseW91dCRSYXRpbmcxHglNYXhSYXRpbmcCBR4DVGFnBT1jb250ZW50UmF0aW5nYjU5MzE4MzMtZDE4Yi00YmRlLWFlZDEtNjE3NGQwNjFlZGJiTVNETi4xMGVuLXVzZAIBD2QWBGYPDxYCHwQFHUdpdmUgZmVlZGJhY2sgb24gdGhpcyBjb250ZW50ZGQCAg8PFgYfBAUEU2VuZB8CBRFTZW5kIFRoaXMgQ29udGVudB4NT25DbGllbnRDbGljawWCAXJldHVybiBJc1BhZ2VSYXRlZCgiY3RsMDBfdGIxX0ZseW91dF9SYXRpbmcxIiwiY3RsMDBfdGIxX0ZseW91dF9sYk9wdFRleHQiLCdQbGVhc2UgcmF0ZSB0aGUgcGFnZSBmaXJzdC4nLCAiY3RsMDAkdGIxJEZseW91dCIsdGhpcylkZAIFD2QWAmYPZBYGZg8PZBYCHgVzdHlsZQUMV2lkdGg6MjUwcHg7ZAICDw8WAh8CBUlDbGljayBhbmQgZHJhZyB0byByZXNpemUuIERvdWJsZSBjbGljayBvciBwcmVzcyAndCcgdG8gdG9nZ2xlIHZpc2liaWxpdHkuFgIfDgUdUG9zaXRpb246QWJzb2x1dGU7TGVmdDoyNTBweDtkAgMPD2QWAh8OBQtMZWZ0OjI1NXB4OxYEAgMPZBYEAgEPZBYCAgEPDxYCHwloZGQCAw9kFgRmD2QWAgIBD2QWAgIBDxYCHgtfIUl0ZW1Db3VudAIDFgpmD2QWAmYPFQISQ29tbXVuaXR5wqBDb250ZW50R2h0dHA6Ly9tc2RuMi5taWNyb3NvZnQuY29tOjgwL2VuLVVTL2xpYnJhcnkvQ29tbXVuaXR5LUVkaXRzKGQ9cnNzKS5hc3B4ZAIBD2QWBGYPFQEFU3RhdHNkAgEPFgIfDwIEFghmD2QWAmYPFQGFATxzcGFuIGNsYXNzPSdSc3NIZWFkbGluZXNSZXBlYXRlcl9UZXh0SXRlbSc+Q29tbXVuaXR5IENvbnRlbnQgQmxvY2tzOiA8L3NwYW4+PHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX1RleHRWYWx1ZSc+MzI4NDwvc3Bhbj5kAgEPZBYCZg8VAYQBPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX1RleHRJdGVtJz5Db21tdW5pdHkgQ29udGVudCBFZGl0czogPC9zcGFuPjxzcGFuIGNsYXNzPSdSc3NIZWFkbGluZXNSZXBlYXRlcl9UZXh0VmFsdWUnPjUyNzI8L3NwYW4+ZAICD2QWAmYPFQGKATxzcGFuIGNsYXNzPSdSc3NIZWFkbGluZXNSZXBlYXRlcl9UZXh0SXRlbSc+VG9waWNzIHdpdGggQ29tbXVuaXR5IENvbnRlbnQ6IDwvc3Bhbj48c3BhbiBjbGFzcz0nUnNzSGVhZGxpbmVzUmVwZWF0ZXJfVGV4dFZhbHVlJz4yNjgyPC9zcGFuPmQCAw9kFgJmDxUBeTxzcGFuIGNsYXNzPSdSc3NIZWFkbGluZXNSZXBlYXRlcl9UZXh0SXRlbSc+Q29udHJpYnV0b3JzOiA8L3NwYW4+PHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX1RleHRWYWx1ZSc+MTY0NDwvc3Bhbj5kAgMPZBYEZg8VARpUb3DCoENvbnRyaWJ1dG9yc8KgT3ZlcmFsbGQCAQ8WAh8PAgUWCmYPZBYCZg8VAdoBPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX0xpbmtJdGVtJz48YSBocmVmPSdodHRwOi8vbXNkbjIubWljcm9zb2Z0LmNvbTo4MC9lbi1VUy9saWJyYXJ5L1VzZXItRGF2aWQrTS4rS2VhbistK01TRlQuYXNweCc+RGF2aWQgTS4gS2VhbiAtIE1TRlQ8L2E+PC9zcGFuPiAoPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX1RleHRWYWx1ZSc+NTMwPC9zcGFuPilkAgEPZBYCZg8VAcYBPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX0xpbmtJdGVtJz48YSBocmVmPSdodHRwOi8vbXNkbjIubWljcm9zb2Z0LmNvbTo4MC9lbi1VUy9saWJyYXJ5L1VzZXItVGhvbWFzK0xlZS5hc3B4Jz5UaG9tYXMgTGVlPC9hPjwvc3Bhbj4gKDxzcGFuIGNsYXNzPSdSc3NIZWFkbGluZXNSZXBlYXRlcl9UZXh0VmFsdWUnPjI3Nzwvc3Bhbj4pZAICD2QWAmYPFQHWATxzcGFuIGNsYXNzPSdSc3NIZWFkbGluZXNSZXBlYXRlcl9MaW5rSXRlbSc+PGEgaHJlZj0naHR0cDovL21zZG4yLm1pY3Jvc29mdC5jb206ODAvZW4tVVMvbGlicmFyeS9Vc2VyLUNyYWlnK1NraWJvKy0rTVNGVC5hc3B4Jz5DcmFpZyBTa2libyAtIE1TRlQ8L2E+PC9zcGFuPiAoPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX1RleHRWYWx1ZSc+MjM3PC9zcGFuPilkAgMPZBYCZg8VAdQBPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX0xpbmtJdGVtJz48YSBocmVmPSdodHRwOi8vbXNkbjIubWljcm9zb2Z0LmNvbTo4MC9lbi1VUy9saWJyYXJ5L1VzZXItU2hhd24rU3RlZWxlK01TRlQuYXNweCc+U2hhd24gU3RlZWxlIE1TRlQ8L2E+PC9zcGFuPiAoPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX1RleHRWYWx1ZSc+MTkzPC9zcGFuPilkAgQPZBYCZg8VAcIBPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX0xpbmtJdGVtJz48YSBocmVmPSdodHRwOi8vbXNkbjIubWljcm9zb2Z0LmNvbTo4MC9lbi1VUy9saWJyYXJ5L1VzZXItTWFoaXdheXMuYXNweCc+TWFoaXdheXM8L2E+PC9zcGFuPiAoPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX1RleHRWYWx1ZSc+MTMwPC9zcGFuPilkAgUPZBYEZg8VAStNb3N0wqBBY3RpdmXCoENvbnRyaWJ1dG9yc8KgKGxhc3TCoDfCoGRheXMpZAIBDxYCHw8CBRYKZg9kFgJmDxUBywE8c3BhbiBjbGFzcz0nUnNzSGVhZGxpbmVzUmVwZWF0ZXJfTGlua0l0ZW0nPjxhIGhyZWY9J2h0dHA6Ly9tc2RuMi5taWNyb3NvZnQuY29tOjgwL2VuLVVTL2xpYnJhcnkvVXNlci1Ed2VsbGluZ2Jyb29rLmFzcHgnPkR3ZWxsaW5nYnJvb2s8L2E+PC9zcGFuPiAoPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX1RleHRWYWx1ZSc+MTM8L3NwYW4+KWQCAQ9kFgJmDxUB2AE8c3BhbiBjbGFzcz0nUnNzSGVhZGxpbmVzUmVwZWF0ZXJfTGlua0l0ZW0nPjxhIGhyZWY9J2h0dHA6Ly9tc2RuMi5taWNyb3NvZnQuY29tOjgwL2VuLVVTL2xpYnJhcnkvVXNlci1EYXZpZCtNLitLZWFuKy0rTVNGVC5hc3B4Jz5EYXZpZCBNLiBLZWFuIC0gTVNGVDwvYT48L3NwYW4+ICg8c3BhbiBjbGFzcz0nUnNzSGVhZGxpbmVzUmVwZWF0ZXJfVGV4dFZhbHVlJz43PC9zcGFuPilkAgIPZBYCZg8VAcABPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX0xpbmtJdGVtJz48YSBocmVmPSdodHRwOi8vbXNkbjIubWljcm9zb2Z0LmNvbTo4MC9lbi1VUy9saWJyYXJ5L1VzZXItSm9obm55VEguYXNweCc+Sm9obm55VEg8L2E+PC9zcGFuPiAoPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX1RleHRWYWx1ZSc+NTwvc3Bhbj4pZAIDD2QWAmYPFQG4ATxzcGFuIGNsYXNzPSdSc3NIZWFkbGluZXNSZXBlYXRlcl9MaW5rSXRlbSc+PGEgaHJlZj0naHR0cDovL21zZG4yLm1pY3Jvc29mdC5jb206ODAvZW4tVVMvbGlicmFyeS9Vc2VyLXNpbm0uYXNweCc+c2lubTwvYT48L3NwYW4+ICg8c3BhbiBjbGFzcz0nUnNzSGVhZGxpbmVzUmVwZWF0ZXJfVGV4dFZhbHVlJz41PC9zcGFuPilkAgQPZBYCZg8VAbwBPHNwYW4gY2xhc3M9J1Jzc0hlYWRsaW5lc1JlcGVhdGVyX0xpbmtJdGVtJz48YSBocmVmPSdodHRwOi8vbXNkbjIubWljcm9zb2Z0LmNvbTo4MC9lbi1VUy9saWJyYXJ5L1VzZXItZWxtYXJqLmFzcHgnPmVsbWFyajwvYT48L3NwYW4+ICg8c3BhbiBjbGFzcz0nUnNzSGVhZGxpbmVzUmVwZWF0ZXJfVGV4dFZhbHVlJz40PC9zcGFuPilkAgYPZBYCZg8VAQBkAgEPZBYEAgEPDxYCHwloZGQCBQ8PFgIfCWhkFgJmD2QWAgIBDxYCHglpbm5lcmh0bWwFDVJlbGF0ZWQgUGFnZXNkAgUPZBYEAgEPFgIeBWNsYXNzBRRNVFBTX0Zvb3RlckZhZGVfbXNkbhYKAgEPDxYEHwEFFU1UUFNfRm9vdGVyTGlua3NfbXNkbh8DAgJkZAIDDw8WCB8EBTgmY29weTsgMjAwNyAgTWljcm9zb2Z0IENvcnBvcmF0aW9uLiBBbGwgcmlnaHRzIHJlc2VydmVkLh8CBTTCqSAyMDA3ICBNaWNyb3NvZnQgQ29ycG9yYXRpb24uIEFsbCByaWdodHMgcmVzZXJ2ZWQuHwEFGU1UUFNfRm9vdGVyQ29weXJpZ2h0X21zZG4fAwICZGQCBQ8PFgofBwUraHR0cDovL3d3dy5taWNyb3NvZnQuY29tL2luZm8vY3B5cmlnaHQubXNweB8CBQxUZXJtcyBvZiBVc2UfBAUMVGVybXMgb2YgVXNlHwEFFU1UUFNfRm9vdGVyTGlua3NfbXNkbh8DAgJkZAIHDw8WCh8HBUJodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vbGlicmFyeS90b29sYmFyLzMuMC90cmFkZW1hcmtzL2VuLXVzLm1zcHgfAgUKVHJhZGVtYXJrcx8EBQpUcmFkZW1hcmtzHwEFFU1UUFNfRm9vdGVyTGlua3NfbXNkbh8DAgJkZAIJDw8WCh8HBSpodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vaW5mby9wcml2YWN5Lm1zcHgfAgURUHJpdmFjeSBTdGF0ZW1lbnQfBAURUHJpdmFjeSBTdGF0ZW1lbnQfAQUVTVRQU19Gb290ZXJMaW5rc19tc2RuHwMCAmRkAgMPFgIfEQUUTVRQU19Gb290ZXJMb2dvX21zZG4WAgIBDw8WBh4NQWx0ZXJuYXRlVGV4dAUVTWljcm9zb2Z0IENvcnBvcmF0aW9uHghJbWFnZVVybAUzL21zZG4vQ29udHJvbHMvTVRQU19Gb290ZXJDdHJsL2VuLXVzL21zZG5tc2xvZ28uanBnHwIFFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbmRkGAQFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYHBSVjdGwwMCROYXZpZ2F0aW9uVGFiU3RyaXAkU2VhcmNoQnV0dG9uBS5jdGwwMCRMaWJGcmFtZSREZEZpbHRlcjEkRHJvcERvd25MbmdGaWx0ZXJDdHJsBS5jdGwwMCRMaWJGcmFtZSREZEZpbHRlcjEkRHJvcERvd25MbmdGaWx0ZXJDdHJsBS5jdGwwMCRMaWJGcmFtZSREZEZpbHRlcjEkRHJvcERvd25MbmdGaWx0ZXJDdHJsBS5jdGwwMCRMaWJGcmFtZSREZEZpbHRlcjEkRHJvcERvd25MbmdGaWx0ZXJDdHJsBS5jdGwwMCRMaWJGcmFtZSREZEZpbHRlcjEkRHJvcERvd25MbmdGaWx0ZXJDdHJsBS5jdGwwMCRMaWJGcmFtZSREZEZpbHRlcjEkRHJvcERvd25MbmdGaWx0ZXJDdHJsBRpjdGwwMCRMaWJGcmFtZSRDb250ZW50Vmlldw8PZAIBZAURY3RsMDAkVG9vbEJhclZpZXcPD2QCAWQFImN0bDAwJE5hdmlnYXRpb25UYWJTdHJpcCRTY29wZU1lbnUPD2QFA1wwMGTKZ+p7f6j84rV8grO8Ibwa+djwfA==" type="hidden">
</div>

<script type="text/javascript">
<!--
var theForm = document.forms['aspnetForm'];
if (!theForm) {
    theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
    if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
        theForm.__EVENTTARGET.value = eventTarget;
        theForm.__EVENTARGUMENT.value = eventArgument;
        theForm.submit();
    }
}
// -->
</script>


<script src="ms977327.aspx_files/WebResource_002.js" type="text/javascript"></script>


<script type="text/javascript">
<!--
var detectedLocale = 'en-US';
var wtsp="msdnlib_dotnet";
var gTrackEvents = 0;
// -->
</script>

<script src="ms977327.aspx_files/WebResource.js" type="text/javascript"></script>
<script type="text/javascript">
<!--
var errSameContent = "Content has not changed";
var errEmptySubject = "Title can not be empty";
var errEmptyContent = "Content cannot be empty";
// -->
</script>

<script src="ms977327.aspx_files/ScriptResource.js" type="text/javascript"></script>
<script src="ms977327.aspx_files/ScriptResource_002.js" type="text/javascript"></script>
<script src="ms977327.aspx_files/ssmoz.js" type="text/javascript"></script>
<script src="ms977327.aspx_files/sscorlib.js" type="text/javascript"></script>
<script src="ms977327.aspx_files/InlineHtmlEditor.js" type="text/javascript"></script>
<script src="ms977327.aspx_files/ScriptResource_002.axd" type="text/javascript"></script>
<script src="ms977327.aspx_files/ScriptResource_007.axd" type="text/javascript"></script>
<script src="ms977327.aspx_files/ScriptResource_005.axd" type="text/javascript"></script>
<script src="ms977327.aspx_files/ScriptResource_006.axd" type="text/javascript"></script>
<script src="ms977327.aspx_files/ScriptResource_003.axd" type="text/javascript"></script>
<script src="ms977327.aspx_files/ScriptResource_004.axd" type="text/javascript"></script>
<script src="ms977327.aspx_files/ScriptResource.axd" type="text/javascript"></script>
        <script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager1', document.getElementById('aspnetForm'));
Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tctl00$tb1$up1'], [], [], 90);
//]]>
</script>

        <div id="ctl00_header" class="head">
	
                <table id="globalBar" border="0" cellpadding="0" cellspacing="0" width="100%">
                    <tbody><tr style="height: 26px;">
                        <td id="ctl00_Td1" style="white-space: nowrap;" align="left">
                            &nbsp;
                            
    <span id="ctl00_UserRecognitionFlyout_loginView_lblWelcomeAnonymous" class="UserRecognitionFlyoutStaticText_msdn">Welcome</span>
  					

                            <span id="ctl00_lblSeparatorLeft">&nbsp;|&nbsp;</span>
                            <span id="ctl00_lblLoginStatus"><a href="https://profile.microsoft.com/RegSysProfileCenter/wizard.aspx?wizid=b28a479f-4189-428a-8f89-4ace6507a68c&amp;lcid=1033&amp;fu=http%253a%252f%252fprofile.microsoft.com%252fpersonalization%252fapplications%252fmsdnsync%252fSyncProfile.aspx%253fst%253d1%2526ru%253dhttp%253a%252f%252fmsdn2.microsoft.com%252fen-us%252flibrary%252fms977327.aspx&amp;cu=&amp;wp=MCLBI"><span class="MTPS_GlobalToolbarLinks_msdn">Sign In</span></a></span>
                            &nbsp;&nbsp;
                        </td>
	
                        <td id="ctl00_Td2" style="width: 100%; white-space: nowrap;" align="right">
                            <div class="LocaleManagementFlyoutStatic_msdn" style="position: relative; z-index: 0;" id="ctl00$LocaleManagement$ctl00"><a class="LocaleManagementFlyoutStaticLink_msdn" href="javascript:void(0)">United States - English&nbsp;</a><img class="LocaleManagementFlyoutPopArrow" src="ms977327.aspx_files/popdownarrow-msdn-right.gif" style="border-width: 0px; height: 4px; width: 7px;"><div id="ctl00$LocaleManagement$ctl00_Popup" class="LocaleManagementFlyoutPopup" style="position: absolute; visibility: hidden; left: -10000px; top: 17px;">
			<table style="width: 175px;" border="0">
				<tbody><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl05','')">Argentina (Español)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl06','')">Australia (English)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl07','')">Brasil (Portugués)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl08','')">Canada (English)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl09','')">Canada (Français)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl10','')">中国 (简体中文)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl11','')">Colombia (Español)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl12','')">Deutschland (Deutsch)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl13','')">España (Español)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl14','')">France (Français)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl15','')">India (English)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl16','')">México (Español)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl17','')">Perú (Español)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl18','')">Россия (Pусский)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl19','')">United Kingdom (English)</a></td>
				</tr><tr>
					<td><a href="javascript:__doPostBack('ctl00$LocaleManagement$ctl00$ctl20','')">United States (English)</a></td>
				</tr><tr>
					<td class="LocaleManagementFlyoutPopupHr"></td>
				</tr><tr>
					<td><a href="http://msdn2.microsoft.com/en-us/preferences/lang/">More...</a></td>
				</tr>
			</tbody></table></div><div style="visibility: hidden; width: 9.15px; height: 20.25px; top: 17px; left: 120px;" id="ctl00$LocaleManagement$ctl00_Anim" class="TFlyPopupAnimate"></div>
	</div>
	


                            <span id="ctl00_lblSeparatorRight">&nbsp;|&nbsp;</span>
                            <div class="QuickLinksFlyoutStatic_msdn" style="position: relative;" id="ctl00$QuickLinks$ctrlFlyout"><a id="ctl00_QuickLinks_ctrlFlyout_ctrlTitle" title="Microsoft.com Quick Links" class="QuickLinksFlyoutStaticLink_msdn" href="javascript:void(0)"><span>Microsoft.com&nbsp;</span><img class="QuickLinksPopArrow" src="ms977327.aspx_files/popdownarrow-msdn-right_002.gif" style="border-width: 0px; height: 4px; width: 7px;"></a><div id="ctl00$QuickLinks$ctrlFlyout_Popup" class="QuickLinksFlyoutPopup" style="position: absolute; visibility: hidden; left: -65534px;">
			<table><tbody><tr><td valign="top"><h4>Product Families</h4><div class="list"><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447412">Office</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447413">Windows</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447414">Windows Server System</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447415">Windows Mobile</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447416">Developer Tools</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447417">Business Solutions</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447418">Games &amp; Xbox</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447419">MSN</a></div></div></td><td valign="top"><h4>Resources</h4><div class="list"><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447420">Microsoft Update</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447421">Office Update</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447422">Download Center</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447423">Help &amp; Support</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447424">Security</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447425">Volume Licensing</a></div></div><h4>About Microsoft</h4><div class="list"><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447426">Company Information</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447427">Investor Relations</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447428">PressPass for journalists</a></div></div></td><td valign="top"><h4>Popular Places</h4><div class="list"><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447429">MSDN (Developers)</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447430">TechNet (IT Pros)</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447431">Microsoft At Home</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447432">Microsoft At Work</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447433">Business &amp; Industry</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447434">Microsoft partners</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447435">Microsoft hardware</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447436">Product catalog</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447437">Mactopia</a></div><div class="listitem"><a href="http://go.microsoft.com/?linkid=4447438">Microsoft.com site map</a></div></div></td></tr><tr><td colspan="10" class="QuickLinksFlyoutPopupHr"></td></tr><tr><td valign="top"><h4>Popular Searches</h4><div class="list"><div class="listitem"><a href="http://search.microsoft.com/results.aspx?mkt=en-US&amp;setlang=en-US&amp;q=templates">Templates</a></div><div class="listitem"><a href="http://search.microsoft.com/results.aspx?q=activesync&amp;l=1&amp;mkt=en-US&amp;FORM=QBME1">ActiveSync</a></div><div class="listitem"><a href="http://search.microsoft.com/results.aspx?q=clip+art&amp;l=1&amp;mkt=en-US&amp;FORM=QBME1">Clip art</a></div></div></td><td valign="top"><h4>Popular Downloads</h4><div class="list"><div class="listitem"><a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&amp;displaylang=en">Windows Defender Beta 2</a></div><div class="listitem"><a href="http://www.microsoft.com/downloads/results.aspx?pocId=&amp;freetext=directx&amp;DisplayLang=en">DirectX End-User Runtime</a></div><div class="listitem"><a href="http://www.microsoft.com/downloads">More popular downloads</a></div></div></td></tr></tbody></table></div><div id="ctl00$QuickLinks$ctrlFlyout_Anim" class="TFlyPopupAnimate"></div>
	</div>
	


                        </td>
	
                    </tr>
                </tbody></table>
                <div id="ctl00_NavigationTabStrip_TabStripPanel">
		
  <!--[if IE 7]>
  <style type="text/css">
    .scopeArrow_msdn, .scopeArrow_technet
    {
        margin-top: -1px;
        padding-top: 2px;
        padding-right: 18px;
    }
    .TabStrip_SearchBox
    {
       padding: 0px 2px 0 2px;
       height: 19px;
    }
  </style>
  <![endif]-->
            
  <div id="TabStrip">
    <table cellpadding="0" cellspacing="0" width="100%"><tbody>
        <tr><td><img src="ms977327.aspx_files/trans.gif" alt="" height="1" width="245"></td>
            <td style="width: 100%;"></td>
        </tr>
        <tr>
           <td style="width: 230px; padding-left: 15px;">
           <div id="SearchContainer">
            
            <input name="ctl00$NavigationTabStrip$SearchTextBox" value="Search MSDN with Live Search" id="ctl00_NavigationTabStrip_SearchTextBox" title="Search MSDN" class="TabStrip_SearchBox" onmousedown="onMouseDownSearch()" type="text"><input name="ctl00$NavigationTabStrip$SearchButton" id="ctl00_NavigationTabStrip_SearchButton" title="Click here to search" class="TabStrip_SearchButton" onmousedown="onMouseDownSearch()" src="ms977327.aspx_files/search_button.gif" style="border-width: 0px;" type="image">
		                <a href="#ctl00_NavigationTabStrip_ScopeMenu_SkipLink"><img alt="Skip Navigation Links" src="ms977327.aspx_files/WebResource_002.gif" style="border-width: 0px;" height="0" width="0"></a><table id="ctl00_NavigationTabStrip_ScopeMenu" class="scopeArrow_msdn ctl00_NavigationTabStrip_ScopeMenu_2" border="0" cellpadding="0" cellspacing="0">
			<tbody><tr onmouseover="Menu_HoverStatic(this)" onmouseout="Menu_Unhover(this)" onkeyup="Menu_Key(event)" id="ctl00_NavigationTabStrip_ScopeMenun0">
				<td><table border="0" cellpadding="0" cellspacing="0" width="100%">
					<tbody><tr>
						<td style="white-space: nowrap; width: 100%;"><a class="ctl00_NavigationTabStrip_ScopeMenu_1" href="javascript:__doPostBack('ctl00$NavigationTabStrip$ScopeMenu','')">&nbsp;&nbsp;</a></td>
					</tr>
				</tbody></table></td>
			</tr>
		</tbody></table><div id="ctl00_NavigationTabStrip_ScopeMenun0Items" class="ctl00_NavigationTabStrip_ScopeMenu_0 scopeFlyout ctl00_NavigationTabStrip_ScopeMenu_5">
			<table border="0" cellpadding="0" cellspacing="0">
				<tbody><tr onmouseover="Menu_HoverDynamic(this)" onmouseout="Menu_Unhover(this)" onkeyup="Menu_Key(event)" id="ctl00_NavigationTabStrip_ScopeMenun1">
					<td><table class="scopeItem ctl00_NavigationTabStrip_ScopeMenu_4 scopeSelected ctl00_NavigationTabStrip_ScopeMenu_7" border="0" cellpadding="0" cellspacing="0" width="100%">
						<tbody><tr>
							<td style="white-space: nowrap; width: 100%;"><a class="ctl00_NavigationTabStrip_ScopeMenu_1 scopeItem ctl00_NavigationTabStrip_ScopeMenu_3 scopeSelected ctl00_NavigationTabStrip_ScopeMenu_6" href="javascript:__doPostBack('ctl00$NavigationTabStrip$ScopeMenu','\\00')" style="border-style: none; font-size: 1em;">Search MSDN</a></td>
						</tr>
					</tbody></table></td>
				</tr><tr onmouseover="Menu_HoverDynamic(this)" onmouseout="Menu_Unhover(this)" onkeyup="Menu_Key(event)" id="ctl00_NavigationTabStrip_ScopeMenun2">
					<td><table class="scopeItem ctl00_NavigationTabStrip_ScopeMenu_4" border="0" cellpadding="0" cellspacing="0" width="100%">
						<tbody><tr>
							<td style="white-space: nowrap; width: 100%;"><a class="ctl00_NavigationTabStrip_ScopeMenu_1 scopeItem ctl00_NavigationTabStrip_ScopeMenu_3" href="javascript:__doPostBack('ctl00$NavigationTabStrip$ScopeMenu','\\105')" style="border-style: none; font-size: 1em;">Search Microsoft.com</a></td>
						</tr>
					</tbody></table></td>
				</tr><tr onmouseover="Menu_HoverDynamic(this)" onmouseout="Menu_Unhover(this)" onkeyup="Menu_Key(event)" id="ctl00_NavigationTabStrip_ScopeMenun3">
					<td><table class="scopeItem ctl00_NavigationTabStrip_ScopeMenu_4" border="0" cellpadding="0" cellspacing="0" width="100%">
						<tbody><tr>
							<td style="white-space: nowrap; width: 100%;"><a class="ctl00_NavigationTabStrip_ScopeMenu_1 scopeItem ctl00_NavigationTabStrip_ScopeMenu_3" href="javascript:__doPostBack('ctl00$NavigationTabStrip$ScopeMenu','\\115')" style="border-style: none; font-size: 1em;">Live Search</a></td>
						</tr>
					</tbody></table></td>
				</tr>
			</tbody></table><div class="scopeItem ctl00_NavigationTabStrip_ScopeMenu_4 scopeSelected ctl00_NavigationTabStrip_ScopeMenu_7 ctl00_NavigationTabStrip_ScopeMenu_0" id="ctl00_NavigationTabStrip_ScopeMenun0ItemsUp" onmouseover="PopOut_Up(this)" onmouseout="PopOut_Stop(this)" style="text-align: center;">
				<img src="ms977327.aspx_files/WebResource.gif" alt="Scroll up">
			</div><div class="scopeItem ctl00_NavigationTabStrip_ScopeMenu_4 scopeSelected ctl00_NavigationTabStrip_ScopeMenu_7 ctl00_NavigationTabStrip_ScopeMenu_0" id="ctl00_NavigationTabStrip_ScopeMenun0ItemsDn" onmouseover="PopOut_Down(this)" onmouseout="PopOut_Stop(this)" style="text-align: center;">
				<img src="ms977327.aspx_files/WebResource_003.gif" alt="Scroll down">
			</div>
		</div><a id="ctl00_NavigationTabStrip_ScopeMenu_SkipLink"></a>
            <div style="border: 1px solid buttonshadow; overflow: hidden; visibility: hidden; background-color: window; color: windowtext; cursor: default; position: absolute;" id="ctl00_NavigationTabStrip_SearchAutoComplete_completionListElem"></div></div>
            </td>
            <td style="padding-right: 15px;">
                <div id="ctl00_NavigationTabStrip_BrandContainer">
			
                    <div id="CenterBrand">
                        <table cellpadding="0" cellspacing="0" width="100%">
                            <tbody>
                                <tr>
                                    <td><img src="ms977327.aspx_files/trans.gif" alt="" height="43" width="1"></td>
                                    <td>
                                        <div id="CenterBrand_CenterTitle_msdn">
				<span>Microsoft Developer Network&nbsp;</span>
			</div>
                                    </td>
                                    <td>
                                        <div id="CenterBrand_CenterLogo_msdn">

			</div>
                                    </td>
                                </tr>
                                <tr>
                                    <td colspan="3" style="padding: 0pt 10px;">
                                        <table cellpadding="0" cellspacing="0">
                                            <tbody>
                                                <tr>
                                                    <td class="tabOff"><a onclick="javascript:Track('|Section Tab|ctl00_NavigationTabStrip_ctl00|ctl00_NavigationTabStrip_ctl08',this);" title="Home&nbsp;-&nbsp;Microsoft Developer Network&nbsp;" href="http://msdn2.microsoft.com/en-us/ms348103">Home</a></td><td class="tabOn"><a onclick="javascript:Track('|Section Tab|ctl00_NavigationTabStrip_ctl01|ctl00_NavigationTabStrip_ctl09',this);" title="Library&nbsp;-&nbsp;Microsoft Developer Network&nbsp;" href="http://msdn2.microsoft.com/library/ms123401">Library</a></td><td class="tabOff"><a onclick="javascript:Track('|Section Tab|ctl00_NavigationTabStrip_ctl02|ctl00_NavigationTabStrip_ctl10',this);" title="Learn&nbsp;-&nbsp;Microsoft Developer Network&nbsp;" href="http://msdn2.microsoft.com/en-us/bb188199">Learn</a></td><td class="tabOff"><a onclick="javascript:Track('|Section Tab|ctl00_NavigationTabStrip_ctl03|ctl00_NavigationTabStrip_ctl11',this);" title="Downloads&nbsp;-&nbsp;Microsoft Developer Network&nbsp;" href="http://msdn2.microsoft.com/en-us/aa570309">Downloads</a></td><td class="tabOff"><a onclick="javascript:Track('|Section Tab|ctl00_NavigationTabStrip_ctl04|ctl00_NavigationTabStrip_ctl12',this);" title="Support&nbsp;-&nbsp;Microsoft Developer Network&nbsp;" href="http://msdn2.microsoft.com/en-us/aa570318">Support</a></td><td class="tabOff"><a onclick="javascript:Track('|Section Tab|ctl00_NavigationTabStrip_ctl05|ctl00_NavigationTabStrip_ctl13',this);" title="Community&nbsp;-&nbsp;Microsoft Developer Network&nbsp;" href="http://msdn2.microsoft.com/en-us/aa497440">Community</a></td>
                                                </tr>
                                            </tbody>
                                        </table>
                                    </td>
                                </tr>
                            </tbody>
                        </table>
                    </div>
                
		</div>
            </td>
        </tr>
        <tr>
            <td colspan="2">
                <div id="LibraryDivider">

		</div>
            </td>
        </tr>
     </tbody>
    </table>
    </div>
    
    <input name="ctl00$NavigationTabStrip$HiddenText" value="default" id="ctl00_NavigationTabStrip_HiddenText" style="visibility: hidden; display: none;" type="text">

	</div>
<div id="CenterBrand_SiteBrand_msdn">
		<a href="http://msdn2.microsoft.com/"></a>
	</div>
                <div class="clearHeader"></div>
                
                        

<!--[if IE]>
       <style>
          .tbfont{	font-size: 70%;}
        </style><![endif]-->

<div id="ctl00_tb1_Panel1" class="miniRatings">
		
  <div id="ctl00_tb1_miniRatings_left" class="miniRatings_left">
			
    <a id="ctl00_tb1_hlPrint" title="Print This Content" onclick="javascript: WebForm_DoCallback('ctl00$tb1','printerFriendlyPage',GetServerData,null,null,false);" href="http://msdn2.microsoft.com/en-us/library/ms977327%28d=printer%29.aspx"><img id="ctl00_tb1_imgPrint" src="ms977327.aspx_files/rtg_print.gif" style="border-width: 0px;">&nbsp;
      Printer Friendly Version</a>
    
    <a id="ctl00_tb1_hlSendCont" title="Send This Content" onclick="javascript: WebForm_DoCallback('ctl00$tb1','sendThisPage',GetServerData,null,null,false);" href="mailto:?subject=Understanding%20WS-Security&amp;body=This%20URL%20points%20to%20a%20page%20on%20MSDN%20that%20may%20interest%20you:%20http://msdn2.microsoft.com/en-us/library/ms977327.aspx"><img id="ctl00_tb1_imgSendCont" src="ms977327.aspx_files/rtg_email.gif" style="border-width: 0px;">&nbsp;
      Send</a>
    
  
		</div>
  <div id="ctl00_tb1_up1">
			
      <div id="ctl00_tb1_miniRatings_right" class="miniRatings_right">
				
        <div class="ratingFlyoutStatic" style="position: relative; z-index: 0;" id="ctl00$tb1$Flyout"><div id="ctl00_tb1_Flyout_rtgContainer" title="Click a star and provide feedback" style="display: block; text-align: right;">
						
              <table style="float: right;">
                <tbody><tr>
                  <td style="text-align: right; line-height: 70%;">
                    <span id="ctl00_tb1_Flyout_rateTitleLabel" class="tbFont">Click to Rate and Give Feedback</span>
                  </td>
                  <td id="ctl00_tb1_Flyout_tdRtg" style="width: 85px;" onclick="if($get('ctl00_tb1_Flyout_tbComments')!=null) $get('ctl00_tb1_Flyout_tbComments').focus();">
                            <div id="ctl00_tb1_Flyout_Rating1" dir="ltr">
							<input name="ctl00$tb1$Flyout$Rating1_RatingExtender_ClientState" id="ctl00_tb1_Flyout_Rating1_RatingExtender_ClientState" value="2" type="hidden"><span id="ctl00_tb1_Flyout_Rating1_Star_1" class="ratingStar filledRatingStar" style="float: left;">&nbsp;</span><span id="ctl00_tb1_Flyout_Rating1_Star_2" class="ratingStar filledRatingStar" style="float: left;">&nbsp;</span><span id="ctl00_tb1_Flyout_Rating1_Star_3" class="ratingStar emptyRatingStar" style="float: left;">&nbsp;</span><span id="ctl00_tb1_Flyout_Rating1_Star_4" class="ratingStar emptyRatingStar" style="float: left;">&nbsp;</span><span id="ctl00_tb1_Flyout_Rating1_Star_5" class="ratingStar emptyRatingStar" style="float: left;">&nbsp;</span>
						</div>
                </td>
						
                </tr>
              </tbody></table>
            
					</div>
            <div style="display: block; float: none; clear: both;">
            </div>
          <div id="ctl00$tb1$Flyout_Popup" class="ratingFlyoutPopup" style="position: absolute; visibility: hidden; left: -10000px; top: 28px;">
						<span id="ctl00_tb1_Flyout_lbOptText" class="OptionalText">Give feedback on this content</span><textarea name="ctl00$tb1$Flyout$tbComments" rows="2" cols="20" id="ctl00_tb1_Flyout_tbComments" class="Comment"></textarea><input name="ctl00$tb1$Flyout$btnSubmit" value="Send" onclick="return IsPageRated(&quot;ctl00_tb1_Flyout_Rating1&quot;,&quot;ctl00_tb1_Flyout_lbOptText&quot;,'Please rate the page first.', &quot;ctl00$tb1$Flyout&quot;,this);" id="ctl00_tb1_Flyout_btnSubmit" title="Send This Content" class="Button" type="submit"></div><div style="visibility: hidden; width: 22.6px; height: 11.1px; top: 28px; left: 285px;" id="ctl00$tb1$Flyout_Anim" class="TFlyPopupAnimate"></div>
				</div>
				
      
			</div>
    
		</div>
  <div style="display: block; clear: both; visibility: hidden;"></div>

	</div>

                    
                
        
</div>
        <div id="ctl00_LibFrame_ResizeContainer">
	<div id="ctl00_LibFrame_tocPanel" class="tocPanel" style="width: 250px;">
		
                <div id="ctl00_LibFrame_Panel1" class="tocInner" style="height: 100%;">
			
                    
    <div id="tocLoadingMessage" class="tocFrame" style="position: absolute; display: none;">
      <span id="ctl00_LibFrame_tocLoader1_lbLoadingMessage" class="loadingMessage">Loading...</span>
    </div>
      <div id="iframeContainer" style="width: 100%; height: 100%;">
        <noscript>
<iframe onload="TocLoader_HideMessage();" id="tocIFrame"
class="tocFrame" src="/en-us/library/ms977327(d=toc).aspx"
frameborder="0" ></iframe> </noscript>
      <iframe onload="TocLoader_HideMessage();" id="tocIFrame" class="tocFrame" src="ms977327.aspx_files/ms977327dtoc.htm" frameborder="0"></iframe></div>
    
    <script type="text/javascript">
      <!--
        function Toc_LoadIframe(){
          var html = "<iframe onload=\"TocLoader_HideMessage();\" id=\"tocIFrame\" class=\"tocFrame\" src=\"/en-us/library/ms977327(d=toc).aspx\" frameborder=\"0\" />";
          document.getElementById("iframeContainer").innerHTML+=html;
          tocOpenCollapseHandler = null
        }
        function Toc_PageLoad(){
          if(!isTocCollapsed){
            window.setTimeout(Toc_LoadIframe,100);
          }
          tocOpenCollapseHandler = function(isCollapsed){
            if(!isCollapsed){
             window.setTimeout(Toc_LoadIframe,100);
            }
          }          
        }
      document.getElementById("tocLoadingMessage").style.display= "block";
      if (window.attachEvent) {window.attachEvent("onload",Toc_PageLoad); }
      else if (document.addEventListener) {    document.addEventListener("DOMContentLoaded", Toc_PageLoad, false);}
      //-->
    </script>

                
		</div>
            
	</div>
    <div id="ctl00_LibFrame_ResizeSplitter" title="Click and drag to resize. Double click or press 't' to toggle visibility." class="SplitterBar" ondblclick="OpenClosePanel();" onmouseover="HighlightSplitterBar(this.id,0);" onmouseout="HighlightSplitterBar(this.id,1);" onmousedown="SelectSplitter();" onmouseup="ReleaseSplitter();" style="position: absolute; left: 250px; width: 5px; background-image: url(/msdn/controls/resizablearea/en-us/lib_grippy.gif);">
		
            <div id="ctl00_LibFrame_SplitterInside" class="innerSplitter">

		</div>
    
	</div><div id="ctl00_LibFrame_contentPanel" class="contentPanel" style="left: 255px; width: 769px;">
		
               <div id="ctl00_LibFrame_EyebrowMenu_Panel1" class="EyebrowMenuBar">
			
<div class="stat" style="position: relative;" id="ctl00$LibFrame$EyebrowMenu$ctl00"><a title="MSDN&nbsp;" href="http://msdn2.microsoft.com/ms348103">MSDN<!--[if !IE]--><span class="rightpointer">▶</span><span class="downpointer">▾</span><!--[endif]--><!--[if IE]><span class="rightpointer">4</span><span class="downpointer" style="margin: 0 2px 0 3px">6</span><![endif]--></a><div id="ctl00$LibFrame$EyebrowMenu$ctl00_Popup" class="popup" style="position: absolute; visibility: hidden; left: -65534px; height: 146px; width: 98px;">
					<a title="MSDN Home&nbsp;" href="http://msdn2.microsoft.com/default.aspx">MSDN Home</a><a title="MSDN Library&nbsp;" href="http://msdn2.microsoft.com/library/">MSDN Library</a><a title="MSDN Learn&nbsp;" href="http://msdn2.microsoft.com/bb188199">MSDN Learn</a><a title="MSDN Downloads&nbsp;" href="http://msdn2.microsoft.com/aa570309">MSDN Downloads</a><a title="MSDN Support&nbsp;" href="http://msdn2.microsoft.com/aa570318">MSDN Support</a><a title="MSDN Community&nbsp;" href="http://msdn2.microsoft.com/aa497440">MSDN Community</a></div><div id="ctl00$LibFrame$EyebrowMenu$ctl00_Anim" class="TFlyPopupAnimate"></div>
			</div>
			<div class="stat" style="position: relative;" id="ctl00$LibFrame$EyebrowMenu$ctl01"><a title="MSDN Library" href="http://msdn2.microsoft.com/en-us/library/ms123401.aspx">MSDN Library<!--[if !IE]--><span class="rightpointer">▶</span><span class="downpointer">▾</span><!--[endif]--><!--[if IE]><span class="rightpointer">4</span><span class="downpointer" style="margin: 0 2px 0 3px">6</span><![endif]--></a><div id="ctl00$LibFrame$EyebrowMenu$ctl01_Popup" class="popup" style="position: absolute; visibility: hidden; left: -65534px; height: 194px; width: 190px;">
					<a title="Development Tools and Languages&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa187916.aspx">Development Tools and Languages</a><a title="Mobile and Embedded Development&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms376734.aspx">Mobile and Embedded Development</a><a title=".NET Development&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa139615.aspx">.NET Development</a><a title="Office Solutions Development&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms400535.aspx">Office Solutions Development</a><a title="Servers and Enterprise Development&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa155072.aspx">Servers and Enterprise Development</a><a title="Web Development&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa155073.aspx">Web Development</a><a title="Win32 and COM Development&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa139672.aspx">Win32 and COM Development</a><a title="MSDN Library Archive&nbsp;" href="http://msdn.microsoft.com/archive/default.asp">MSDN Library Archive</a></div><div id="ctl00$LibFrame$EyebrowMenu$ctl01_Anim" class="TFlyPopupAnimate"></div>
			</div>
			<div class="stat" style="position: relative;" id="ctl00$LibFrame$EyebrowMenu$ctl02"><a title=".NET Development" href="http://msdn2.microsoft.com/en-us/library/aa139615.aspx">.NET Development<!--[if !IE]--><span class="rightpointer">▶</span><span class="downpointer">▾</span><!--[endif]--><!--[if IE]><span class="rightpointer">4</span><span class="downpointer" style="margin: 0 2px 0 3px">6</span><![endif]--></a><div id="ctl00$LibFrame$EyebrowMenu$ctl02_Popup" class="popup" style="overflow: auto; position: absolute; visibility: hidden; left: -65534px; height: 200px; width: 275px;">
					<a title="Microsoft .NET Framework 3.0 Programming Model&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms687300.aspx">Microsoft .NET Framework 3.0 Programming Model</a><a title=".NET Framework Technologies&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms644566.aspx">.NET Framework Technologies</a><a title="ASP.NET&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms644563.aspx">ASP.NET</a><a title="Windows Forms&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms644558.aspx">Windows Forms</a><a title="Windows Presentation Foundation&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms754130.aspx">Windows Presentation Foundation</a><a title="Windows Communication Foundation&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa388579.aspx">Windows Communication Foundation</a><a title="Windows Workflow Foundation&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms735967.aspx">Windows Workflow Foundation</a><a title="Samples&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa388592.aspx">Samples</a><a title="Tools&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa388630.aspx">Tools</a><a title="General Reference&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa388713.aspx">General Reference</a><a title="Class Library&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa388745.aspx">Class Library</a><a title="Web Services Enhancements (WSE)&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa139633.aspx">Web Services Enhancements (WSE)</a><a title="Previous Versions&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa139634.aspx">Previous Versions</a><a title="Beta Versions&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa139637.aspx">Beta Versions</a><a title="Articles and Overviews&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa139641.aspx">Articles and Overviews</a></div><div id="ctl00$LibFrame$EyebrowMenu$ctl02_Anim" class="TFlyPopupAnimate"></div>
			</div>
			<div class="stat" style="position: relative;" id="ctl00$LibFrame$EyebrowMenu$ctl03"><a title="Articles and Overviews" href="http://msdn2.microsoft.com/en-us/library/aa139641.aspx">Articles and Overviews<!--[if !IE]--><span class="rightpointer">▶</span><span class="downpointer">▾</span><!--[endif]--><!--[if IE]><span class="rightpointer">4</span><span class="downpointer" style="margin: 0 2px 0 3px">6</span><![endif]--></a><div id="ctl00$LibFrame$EyebrowMenu$ctl03_Popup" class="popup" style="overflow: auto; position: absolute; visibility: hidden; left: -65534px; height: 200px; width: 238px;">
					<a title=".NET Framework Deployment&nbsp;" href="http://msdn2.microsoft.com/en-us/library/bb278077.aspx">.NET Framework Deployment</a><a title=".NET General&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa137140.aspx">.NET General</a><a title=".NET Remoting&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa185916.aspx">.NET Remoting</a><a title="Upgrading to Microsoft .NET&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa302323.aspx">Upgrading to Microsoft .NET</a><a title="Coding4Fun&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa137126.aspx">Coding4Fun</a><a title="Dr. GUI .NET&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa302321.aspx">Dr. GUI .NET</a><a title=".NET in the Real World&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa137326.aspx">.NET in the Real World</a><a title="Data Access and Storage&nbsp;" href="http://msdn2.microsoft.com/en-us/library/bb278078.aspx">Data Access and Storage</a><a title="Deployment and Management&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa286517.aspx">Deployment and Management</a><a title="Enterprise Services&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa286569.aspx">Enterprise Services</a><a title="Networking and Communication&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa286518.aspx">Networking and Communication</a><a title=".NET Performance&nbsp;" href="http://msdn2.microsoft.com/en-us/library/bb278083.aspx">.NET Performance</a><a title="Security&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa286519.aspx">Security</a><a title="Smart Client Applications (Windows Forms)&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms950424.aspx">Smart Client Applications (Windows Forms)</a><a title="Web Applications (ASP.NET)&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa286485.aspx">Web Applications (ASP.NET)</a><a title="Web Services&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms950421.aspx">Web Services</a><a title="Windows Vista&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa286509.aspx">Windows Vista</a><a title="XML and the .NET Framework&nbsp;" href="http://msdn2.microsoft.com/en-us/library/bb400894.aspx">XML and the .NET Framework</a></div><div id="ctl00$LibFrame$EyebrowMenu$ctl03_Anim" class="TFlyPopupAnimate"></div>
			</div>
			<div class="stat" style="position: relative;" id="ctl00$LibFrame$EyebrowMenu$ctl04"><a title="Web Services" href="http://msdn2.microsoft.com/en-us/library/ms950421.aspx">Web Services<!--[if !IE]--><span class="rightpointer">▶</span><span class="downpointer">▾</span><!--[endif]--><!--[if IE]><span class="rightpointer">4</span><span class="downpointer" style="margin: 0 2px 0 3px">6</span><![endif]--></a><div id="ctl00$LibFrame$EyebrowMenu$ctl04_Popup" class="popup" style="overflow: auto; position: absolute; visibility: hidden; left: -65534px; height: 200px; width: 230px;">
					<a title=".NET Framework Web Services Overview&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa735708.aspx">.NET Framework Web Services Overview</a><a title="Web Services Specifications&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951274.aspx">Web Services Specifications</a><a title="Web Services and the .NET Framework&nbsp;" href="http://msdn2.microsoft.com/en-us/library/bb400877.aspx">Web Services and the .NET Framework</a><a title="Web Services Enhancements (WSE)&nbsp;" href="http://msdn2.microsoft.com/en-us/library/bb400879.aspx">Web Services Enhancements (WSE)</a><a title="Interoperability Resources&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms953966.aspx">Interoperability Resources</a><a title="UDDI SDK&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa286530.aspx">UDDI SDK</a><a title="Microsoft-Hosted Web Services&nbsp;" href="http://msdn2.microsoft.com/en-us/library/bb400882.aspx">Microsoft-Hosted Web Services</a><a title="Code Samples&nbsp;" href="http://msdn.microsoft.com/code/list/websrv.asp">Code Samples</a><a title="Downloads&nbsp;" href="http://msdn.microsoft.com/downloads/list/websrv.asp">Downloads</a></div><div id="ctl00$LibFrame$EyebrowMenu$ctl04_Anim" class="TFlyPopupAnimate"></div>
			</div>
			<div class="stat" style="position: relative; z-index: 0;" id="ctl00$LibFrame$EyebrowMenu$ctl05"><a title="Web Services Specifications" href="http://msdn2.microsoft.com/en-us/library/ms951274.aspx">Web Services Specifications<!--[if !IE]--><span class="rightpointer">▶</span><span class="downpointer">▾</span><!--[endif]--><!--[if IE]><span class="rightpointer">4</span><span class="downpointer" style="margin: 0 2px 0 3px">6</span><![endif]--></a><div id="ctl00$LibFrame$EyebrowMenu$ctl05_Popup" class="popup" style="overflow: auto; position: absolute; visibility: hidden; left: -10000px; height: 200px; width: 245px; top: 22px;">
					<a title="Specification Profiles Index Page&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951214.aspx">Specification Profiles Index Page</a><a title="Management Specifications Index Page&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951267.aspx">Management Specifications Index Page</a><a title="Messaging Specifications Index Page&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951268.aspx">Messaging Specifications Index Page</a><a title="Metadata Specifications Index Page&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951266.aspx">Metadata Specifications Index Page</a><a title="Reliable Messaging Specification Index Page&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951271.aspx">Reliable Messaging Specification Index Page</a><a title="Security Specification Index Page&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951273.aspx">Security Specification Index Page</a><a title="Transaction Specification Index Page&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951262.aspx">Transaction Specification Index Page</a><a title="XML Specifications Index Page&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951276.aspx">XML Specifications Index Page</a><a title="Technical Articles&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa186014.aspx">Technical Articles</a></div><div style="visibility: hidden; width: 12.35px; height: 10.1px; top: 22px; left: 0px;" id="ctl00$LibFrame$EyebrowMenu$ctl05_Anim" class="TFlyPopupAnimate"></div>
			</div>
			<div class="stat" style="position: relative;" id="ctl00$LibFrame$EyebrowMenu$ctl06"><a title="Technical Articles" href="http://msdn2.microsoft.com/en-us/library/aa186014.aspx">Technical Articles<!--[if !IE]--><span class="rightpointer">▶</span><span class="downpointer">▾</span><!--[endif]--><!--[if IE]><span class="rightpointer">4</span><span class="downpointer" style="margin: 0 2px 0 3px">6</span><![endif]--></a><div id="ctl00$LibFrame$EyebrowMenu$ctl06_Popup" class="popup" style="overflow: auto; position: absolute; visibility: hidden; left: -65534px; height: 200px; width: 556px;">
					<a title="Argument Against SOAP Encoding&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms995710.aspx">Argument Against SOAP Encoding</a><a title="Coordinating Web Services Activities with WS-Coordination, WS-AtomicTransaction, and WS-BusinessActivity&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms996526.aspx">Coordinating Web Services Activities with WS-Coordination, WS-AtomicTransaction, and WS-BusinessActivity</a><a title="Don Box on the Importance of Being WSDL&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa480712.aspx">Don Box on the Importance of Being WSDL</a><a title="Federation of Identities in a Web Services World&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951235.aspx">Federation of Identities in a Web Services World</a><a title="Importance of Metadata: Reification, Categorization, and UDDI&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms953942.aspx">Importance of Metadata: Reification, Categorization, and UDDI</a><a title="An Introduction to the Web Services Architecture and Its Specifications&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms996441.aspx">An Introduction to the Web Services Architecture and Its Specifications</a><a title="Reliable Message Delivery in a Web Services World: A Proposed Architecture and Roadmap&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951247.aspx">Reliable Message Delivery in a Web Services World: A Proposed Architecture and Roadmap</a><a title="RPC/Literal and Freedom of Choice&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms996466.aspx">RPC/Literal and Freedom of Choice</a><a title="Secure, Reliable, Transacted Web Services: Architecture and Composition&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms996535.aspx">Secure, Reliable, Transacted Web Services: Architecture and Composition</a><a title="Security in a Web Services World: A Proposed Architecture and Roadmap&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms977312.aspx">Security in a Web Services World: A Proposed Architecture and Roadmap</a><a title="Traversing the Tree: Using the get_relatedCategories API in UDDI Services&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms953950.aspx">Traversing the Tree: Using the get_relatedCategories API in UDDI Services</a><a title="Understanding GXA&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa479664.aspx">Understanding GXA</a><a title="Understanding SOAP&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms995800.aspx">Understanding SOAP</a><a title="Understanding WS-Policy&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms996497.aspx">Understanding WS-Policy</a><a title="Understanding WS-Security&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms977327.aspx">Understanding WS-Security</a><a title="Understanding WS-Federation&nbsp;" href="http://msdn2.microsoft.com/en-us/library/bb498017.aspx">Understanding WS-Federation</a><a title="Understanding WSDL&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms996486.aspx">Understanding WSDL</a><a title="Understanding XML Digital Signature&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms996502.aspx">Understanding XML Digital Signature</a><a title="Web Services Specifications&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951274.aspx">Web Services Specifications</a><a title="WS-Addressing Additions and Updates&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms996530.aspx">WS-Addressing Additions and Updates</a><a title="WS-Security AppNotes&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms951253.aspx">WS-Security AppNotes</a><a title="WS-Security: New Technologies Help You Make Your Web Services More Secure&nbsp;" href="http://msdn2.microsoft.com/en-us/library/aa686098.aspx">WS-Security: New Technologies Help You Make Your Web Services More Secure</a><a title="XML, SOAP, and Binary Data&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms996427.aspx">XML, SOAP, and Binary Data</a><a title="XML Overview Towards Understanding SOAP&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms996539.aspx">XML Overview Towards Understanding SOAP</a><a title="XML Web Services Basics&nbsp;" href="http://msdn2.microsoft.com/en-us/library/ms996507.aspx">XML Web Services Basics</a></div><div id="ctl00$LibFrame$EyebrowMenu$ctl06_Anim" class="TFlyPopupAnimate"></div>
			</div>
			<div class="stat"><strong>&nbsp;Understanding WS-Security</strong></div><span style="float: none; clear: both; display: block;"></span>
		</div>

                <div id="ctl00_LibFrame_Panel2" class="RightPanel">
			
                    <div id="ctl00_LibFrame_VsBar1" class="VsBar">
				
                        
                        <div id="ctl00_LibFrame_DdFilter1_DropDownFilterMain" class="DropDownFilterStyle"><img id="ctl00_LibFrame_DdFilter1_MTPS_DD_ImageArrow" title="Language Filter" class="MTPS_DropDownImage" onclick="DDFilterOn(event);" onmouseover="ChangeDropDownImage(true);" onmouseout="ChangeDropDownImage(false);" src="ms977327.aspx_files/Arrow-off.gif" alt="Language Filter" style="border-width: 0px;"><a id="ctl00_LibFrame_DdFilter1_Mtps_DropDownFilterText" title="Language Filter" class="DropDownFilterOff" onclick="DDFilterOn(event);" onmouseover="ChangeDropDownImage(true);" onmouseout="ChangeDropDownImage(false);" href="http://msdn2.microsoft.com/en-us/library/ms977327.aspx#Mtps_DropDownFilterText">Language Filter : All</a><div id="ctl00_LibFrame_DdFilter1_Mtps_DropDownPopUp" style="display: none;" class="MTPS_PopupDivPanel"><div class="DivCbxLabelLanguage">
					<input name="ctl00$LibFrame$DdFilter1$DropDownLngFilterCtrl" id="ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl" checked="checked" value="Visual Basic" arrayvalue="visualbasic" onclick="SetLangFilter(null);" type="checkbox"><span id="ctl00_LibFrame_DdFilter1_ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl_0" title="Visual Basic">Visual Basic<br></span>
				</div><div class="DivCbxLabelLanguage">
					<input name="ctl00$LibFrame$DdFilter1$DropDownLngFilterCtrl" id="ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl" checked="checked" value="C#" arrayvalue="csharp" onclick="SetLangFilter(null);" type="checkbox"><span id="ctl00_LibFrame_DdFilter1_ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl_1" title="C#">C#<br></span>
				</div><div class="DivCbxLabelLanguage">
					<input name="ctl00$LibFrame$DdFilter1$DropDownLngFilterCtrl" id="ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl" checked="checked" value="C++" arrayvalue="managedcplusplus" onclick="SetLangFilter(null);" type="checkbox"><span id="ctl00_LibFrame_DdFilter1_ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl_2" title="C++">C++<br></span>
				</div><div class="DivCbxLabelLanguage">
					<input name="ctl00$LibFrame$DdFilter1$DropDownLngFilterCtrl" id="ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl" checked="checked" value="J#" arrayvalue="jsharp" onclick="SetLangFilter(null);" type="checkbox"><span id="ctl00_LibFrame_DdFilter1_ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl_3" title="J#">J#<br></span>
				</div><div class="DivCbxLabelLanguage">
					<input name="ctl00$LibFrame$DdFilter1$DropDownLngFilterCtrl" id="ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl" checked="checked" value="JScript" arrayvalue="jscript" onclick="SetLangFilter(null);" type="checkbox"><span id="ctl00_LibFrame_DdFilter1_ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl_4" title="JScript">JScript<br></span>
				</div><div class="DivCbxLabelLanguage">
					<input name="ctl00$LibFrame$DdFilter1$DropDownLngFilterCtrl" id="ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl" checked="checked" value="XAML" arrayvalue="xaml" onclick="SetLangFilter(null);" type="checkbox"><span id="ctl00_LibFrame_DdFilter1_ctl00_LibFrame_DdFilter1_DropDownLngFilterCtrl_5" title="XAML">XAML<br></span>
				</div></div>
<script type="text/Javascript">
var ArrowOffPath="/msdn/Controls/DropDownFilter/en-us/Arrow-off.gif";
var ArrowOnPath="/msdn/Controls/DropDownFilter/en-us/Arrow-on.gif";
var strConstLangFilterAll ="All";
var strConstLangFilterMulti ="Multiple";
var strConstLangFilterNone ="None";
var strConstLangFilterText ="Language Filter";
var oMTPS_DD_ImgArrow = document.getElementById("ctl00_LibFrame_DdFilter1_MTPS_DD_ImageArrow");
var oMTPS_DD_PanelLink = document.getElementById("ctl00_LibFrame_DdFilter1_Mtps_DropDownFilterText");
var oMTPS_DD_Div = document.getElementById("ctl00_LibFrame_DdFilter1_DropDownFilterMain");
var oMTPS_DD_PopUpDiv = document.getElementById("ctl00_LibFrame_DdFilter1_Mtps_DropDownPopUp");
</script>
</div>
<script type="text/Javascript">
</script>

                    
			</div>
                    <div class="ContentArea">
                         
                                    
                                    <span id="ctl00_LibFrame_altSelector"></span>
                                    
                                
                        <div id="ctl00_LibFrame_MtpsContentPlaceholder1">
				<div class="topic"><div class="majorTitle">XML&nbsp;and&nbsp;Web&nbsp;Services&nbsp;Security</div><div class="title">Understanding WS-Security</div><!--Content type: PSDK_8. Transform: msdneditorial2mtps.xslt.--><a name="understw"><!----></a>  <div id="nstext" valign="bottom">&nbsp;
<p>Scott Seely<br>
Microsoft Corporation</p> <p>October 2002</p> <p>Applies to:<br>
&nbsp;&nbsp;&nbsp;Web Services Specifications (WS-Security, WS-Security Addendum)</p> <p><b>Summary: </b>This
article looks at how to use WS-Security to embed security within the
SOAP message itself, exploring the concerns WS-Security addresses:
authentication, signatures, and encryption. (14 printed pages)</p> <h4 class="dtH1">Contents</h4> <p><a href="#understw_topic1">Introduction</a><a href="#understw_topic2"><br>
Parallels in Daily Life</a><a href="#understw_topic3"><br>
Applying Existing Concepts to SOAP Messages</a><a href="#understw_topic4"><br>
WS-Security SOAP Header</a><a href="#understw_topic5"><br>
Conclusion</a><br> <a href="#understw_topic6">Resources</a></p> <h2 class="dtH1"><a name="understw_topic1"><!----></a>Introduction</h2> <p>Before
I explain what WS-Security is, I believe that it is important to
understand why WS-Security exists at all. Many people new to Web
services see SOAP as a way to exchange messages between two endpoints
over HTTP. Over HTTP, one can authenticate the caller, sign the
message, and encrypt the contents of the message. This makes the
message secure in several dimensions: the caller is known, the receiver
of the message can verify that the message did not change in transit,
and entities watching the wire traffic cannot figure out what data is
being exchanged. For those looking at SOAP messaging to solve bigger
problems, however, HTTP-based security simply isn't enough. Many of the
bigger problems involve sending the message along a path more
complicated than request/response or over a transport that does not
involve HTTP. The identity, integrity, and security of the message and
the caller need to be preserved over multiple hops. More than one
encryption key may be used along the route. Trust domains will be
crossed. HTTP and its security mechanisms only address point-to-point
security. More complex solutions need end-to-end security baked in.
WS-Security addresses how to maintain a secure context over a
multi-point message path.</p> <blockquote class="dtBlock"> <b class="le">Note</b>&nbsp;&nbsp;&nbsp;This article assumes that you are already familiar with <a onclick="javascript:Track('ctl00_LibFrame_ctl00|ctl00_LibFrame_ctl01',this);" href="http://www.w3.org/tr/xml-exc-c14n/">XML Canonicalization</a>, <a onclick="javascript:Track('ctl00_LibFrame_ctl00|ctl00_LibFrame_ctl02',this);" href="http://www.w3.org/signature/">XML Signature</a>, and <a onclick="javascript:Track('ctl00_LibFrame_ctl00|ctl00_LibFrame_ctl03',this);" href="http://www.w3.org/encryption/2001/">XML Encryption</a>.</blockquote> <p>WS-Security
addresses security by leveraging existing standards and specifications.
This avoids the necessity to define a complete security solution within
WS-Security. The industry has solved many of these problems. Kerberos
and X.509 address authentication. X.509 also uses existing PKI for key
management. XML Encryption and XML Signature describe ways of
encrypting and signing the contents of XML messages. XML
Canonicalization describes ways of making the XML ready to be signed
and encrypted. What WS-Security adds to existing specifications is a
framework to embed these mechanisms into a SOAP message. This is done
in a transport-neutral fashion.</p> <p>WS-Security defines a SOAP
Header element to carry security-related data. If XML Signature is
used, this header can contain the information defined by XML Signature
that conveys how the message was signed, the key that was used, and the
resulting signature value. Likewise, if an element within the message
is encrypted, the encryption information such as that conveyed by XML
Encryption can be contained within the WS-Security header. WS-Security
does not specify the format of the signature or encryption. Instead, it
specifies how one would embed the security information laid out by
other specifications within a SOAP message. WS-Security is primarily a
specification for an XML-based security metadata container. </p> <p>What
does WS-Security do, beyond leveraging other existing protocols for
message authentication, integrity, and privacy? It specifies a
mechanism for transferring simple user credentials via the <b>UsernameToken</b> element. To send binary tokens that were used for encryption or signing the message, a <b>BinarySecurityToken</b>
is also defined. Within this header, messages can store information
about the caller, how the message was signed, and how the message was
encrypted. WS-Security presents an end-to-end solution for Web service
security by keeping all security information in the SOAP part of the
message. </p> <p>In this article, we will take a look at how to use
WS-Security and friends to embed security within the SOAP message
itself. We will look at the concerns WS-Security addresses:
</p><ul type="disc"> <li>Authentication</li> <li>Signatures</li> <li>Encryption</li> </ul> <p>This triad addresses the main concerns of security and answers the questions:

</p><ul type="disc"> <li>Who am I authorizing?</li> <li>Was the message modified between hops?</li> <li>Did this message come from whom I think it came from?</li> <li>How do I hide things I only want certain parties to see?</li> </ul> <p>To begin with, let's look at some analogies seen in every day life.</p> <h2 class="dtH1"><a name="understw_topic2"><!----></a>Parallels in Daily Life</h2> <p>To
understand what WS-Security is trying to do, I first want to take a
look at a real-world parallel. Specifically, when and how do you use
credentials in everyday life? After all, in day-to-day living you use
credentials all the time. If someone asks you to prove your age, you
dig into your wallet and pull out a driver's license. When you go to
pay for an item without using currency, a credit card is used to
identify you to the credit agency. When crossing a country's border or
while in a foreign country, a passport vouches for your identity. All
of these items are credentials. They assert that the owner of the
credit card, driver's license, or passport is the person named on the
document. They do not authenticate your identity, though.
Authentication is an action that a document cannot perform. In the
world of paper documents, people perform authentication. How does that
side of authentication work?</p> <p>When you present a driver's license
or passport, a person reading the documents performs a few different
actions to verify that the documents are real and that you are the
rightful owner of those documents:
</p><ul type="disc"> <li>Both documents contain a picture of the
registered holder of the document as well as other identifying
characteristics: height, weight, and eye color. The person reading the
document can make sure you look like the person shown and described by
the document.</li> <li>The documents expire on a regular basis. This is done so that up to date descriptive data is on the document.</li> <li>The
documents contain a signature that can be compared against the
signature of the person presenting the documents. The difficulty of
accurately reproducing another person's signature makes this a
reasonable way to check identity when used in combination with the
description of the person.</li> </ul> <p>These documents have other
important properties as well. They have marking that allow someone to
quickly verify that the documents are genuine. The documents themselves
are granted by organizations that we trust to provide valid identity
information: local and national governments. I mentioned credit cards
too. These are different from a driver's license or passport. </p><ul type="disc"> <li>They are issued by banks, not governments.</li> <li>They only contain a signature and a name to identify the card holder.</li> <li>They can only be used to verify identity in the presence of another supporting document such as a government issued ID.</li> </ul> <p>What does something like a credit card do then?</p> <p>Credit
cards typically rely on only using a signature for authentication. Some
cards include photos to make authentication a little more solid.
Because of the weak authentication provided by credit cards, many
establishments will ask to see a government issued ID with the credit
card. In terms of security, when you present the credit card, you
assert that you have the right to charge goods and services and that
the organization that gave you the credit card will pay the merchant.
The merchant can validate your identity as the valid cardholder by
comparing your government-issued photo ID to your physical person. (Of
course, if you perform the transaction over the phone or the Internet,
this part of my argument falls apart, but it suffices to state that
other mechanisms exist to protect you in these arenas as well.)</p> <h2 class="dtH1"><a name="understw_topic3"><!----></a>Applying Existing Concepts to SOAP Messages</h2> <p>WS-Security
seeks to move a lot of these concepts about identification and
authorization into the world of SOAP messaging. In order to do
something meaningful with a SOAP message, that message must contain
information that does the following things:
</p><ul type="disc"> <li>Identify the entity or entities involved with the message.</li> <li>Prove that the entities have the correct group memberships.</li> <li>Prove that the entities have the correct set of access rights.</li> <li>Prove that the message has not changed.</li> </ul> <p>Finally,
we also want a mechanism that would hide information from unauthorized
parties. In the world of personal identification, I prove who I am with
my driver's license or passport. I prove that I have certain rights
through membership cards. In my wallet, I have cards that allow me to
charge goods and services, check out books from the library, direct
medical bills to my insurance provider, and receive discounts at local
grocery stores. WS-Security allows me to apply the same concepts to
SOAP messages. Using security tokens to identify the caller and assert
its rights, a message could convey the following information:
</p><ul type="disc"> <li>Caller identity: I am Joe User. </li> <li>Group membership: I am a ColdRooster.com developer. </li> <li>Rights
assertions: Because I am a ColdRooster.com developer, I can create
databases and add Web applications to the ColdRooster.com machines. </li> </ul> <p>To
create a message that can create a new database on the ColdRooster.com
servers using an authentication technology such as Kerberos, the
application would have to acquire a number of security tokens. To start
with, the application creating the message would need to acquire a
security token that identifies it as acting on behalf of Joe User. Joe
User provides that token when he logs in via a username/password or by
using a smart card. Assuming that the security infrastructure uses
Kerberos, the environment Joe is using has a Key Distribution Center
that grants Joe a Ticket Granting Ticket (TGT) when he logs in. When
Joe decides to create a new database on ColdRooster.com, the
environment goes to a Ticket Granting Service and requests a Service
Ticket that shows that Joe has the right to create a new database on
ColdRooster.com. The environment takes that Service Ticket (ST) and
presents it to the database server at ColdRooster.com. That database
server validates the ticket and then allows Joe to create the new
process.</p> <p>WS-Security seeks to encapsulate the security
interactions described above within a set of SOAP Headers. WS-Security
handles credential management in two ways. It defines a special
element, <b>UsernameToken</b>, to pass the username and password if
the Web service is using custom authentication. WS-Security also
provides a place to provide binary authentication tokens such as
Kerberos Tickets and X.509 Certifications: BinarySecurityToken. </p> <p>Figure 1 depicts what will become a fairly common message flow.</p> <p class="fig"><img alt="" src="ms977327.aspx_files/ms977327.gif" border="0"></p> <p class="label"><b>Figure 1. Typical message flow.</b></p> <p>The
Security Token service might be Kerberos, PKI, or a username/password
validation service. This service may not be Web service-based. Indeed,
a Kerberos service ticket granting service might be accessed through
the Kerberos protocols using operating system security functions. Once
the client gets the tokens it wants to use in the message, the client
will embed those tokens within the message. The client should sign the
message with a piece of data that only they know. The server will be
able to deduce the signature in a number of ways. If the client is
using a <b>UsernameToken</b> for authentication, the client should
send a hashed password and sign the message using that password. The
server will be able to verify that the client sent the message if the
signatures it generates for the message match the signatures contained
in the message. </p> <p>When using X.509 certificates, the message can be signed using the private key. The message should contain the certificate in a <b>BinarySecurityToken</b>.
When using X.509, anyone who knows the X.509 public key can verify the
signature. Finally, when using Kerberos, the message could be signed or
encrypted with a session key embedded in the Kerberos ticket. Because
the Kerberos ticket will be keyed for the receiver of the token, only
the receiver will be able to decrypt the ticket, discover the session
key, and verify the signature. </p> <p>It is critical that SOAP
messages be signed or encrypted if authentication is important. Why? It
isn't enough that a valid identity token is added to a message. These
tokens can be lifted from a valid message and added to messages used by
attackers. There needs to be evidence that the identity used in the
message created the message. Without using XML Signature and signing
the message, you cannot tell that the message has not been changed or
that the identity token has not been abused.</p> <p>At this point, I think you understand what WS-Security does. Let's dig a little deeper and look at how.</p> <h2 class="dtH1"><a name="understw_topic4"><!----></a>WS-Security SOAP Header</h2> <p>Starting
in this section and continuing throughout the rest of the article, I
will be using XML snippets. So that I don't have to show XML Namespace
declarations all over and muddy the snippets, I will use the following
XML Namespaces:</p> <p class="label"><b>Table 1: XML Namespaces</b></p> <div class="tablediv"><table class="dtTABLE"> <tbody><tr valign="top"> <td width="20%">Namespace </td> <td width="22%">Description</td> <td width="58%">Namespace URI</td> </tr> <tr valign="top"> <td width="20%">Xs</td> <td width="22%">XML Schema</td> <td width="58%">http://www.w3.org/2001/XMLSchema</td> </tr> <tr valign="top"> <td width="20%">Wsse</td> <td width="22%">WS-Security</td> <td width="58%">http://schemas.xmlsoap.org/ws/2002/07/secext</td> </tr> <tr valign="top"> <td width="20%">Wsu</td> <td width="22%">Utility elements</td> <td width="58%">http://schemas.xmlsoap.org/ws/2002/07/utility</td> </tr> <tr valign="top"> <td width="20%">Soap</td> <td width="22%">SOAP elements</td> <td width="58%">http://schemas.xmlsoap.org/soap/envelope/</td> </tr> </tbody></table></div> <p>The
WS-Security specification defines a new SOAP header. To understand what
the WS-Security SOAP header contains, I think it would be helpful to
look at the schema fragment for the element first. </p> <div class="code" id="ctl00_LibFrame_ctl04_"><div class="CodeSnippetTitleBar"><div class="CodeDisplayLanguage"></div></div><pre class="code" id="ctl00_LibFrame_ctl04" space="preserve">&lt;xs:element name="Security"&gt;
    &lt;xs:complexType&gt;
        &lt;xs:sequence&gt;
        &lt;xs:any processContents="lax" 
            minOccurs="0" maxOccurs="unbounded"&gt;
        &lt;/xs:any&gt;
        &lt;/xs:sequence&gt;
        &lt;xs:anyAttribute processContents="lax"/&gt;
    &lt;/xs:complexType&gt;
&lt;/xs:element&gt;
</pre></div> <p>As you can see, the Security header element allows any
XML element or attribute to live within it. This allows the header to
adapt to whatever security mechanisms your application needs. If this
sounds a little odd, think about how the SOAP header and body work. The
header and body both can contain a collection of XML elements. The SOAP
specification makes few claims about the contents of these elements
other than the fact that they cannot contain XML processing
instructions. </p> <p>WS-Security needs this type of structure because
of what the header must do. It must be able to carry multiple security
tokens to identify the caller's rights and identity. If the message is
signed, the header must contain information about how it was signed and
where the information regarding the key is stored. The key may be in
the message or stored elsewhere and merely referenced. Finally,
information about encryption must also be able to be carried in this
header. </p> <p>So, how does an intermediary know which WS-Security
header it owns? A SOAP message may contain multiple WS-Security
headers. Each header is identified by a unique actor. No two
WS-Security headers can use the same actor or omit the actor. This
makes it easy for intermediaries to identify which WS-Security headers
contain the information they need. Of course, the intermediary does
need to know which actor URI it handles. Associating a URI with an
actor and making sure that the intermediary knows what to do is
something that must be handled via programming. The actor attribute in
any SOAP header is meant to say "this header is meant for any endpoint
acting in the capacity indicated by the actor URI." What gives that URI
meaning? The team that architects the Web service gives meaning to the
URI. This means that an intermediary may act in varying capacities. As
a result, that intermediary may consume zero, one, or more headers.
Yes, it may even consume multiple security headers. </p> <h3 class="dtH1">WS-Security Addendum</h3> <p>After
evaluating WS-Security for a little while, a number of items came out
that needed to be made clearer for security in particular. Also,
additional items needed to be specified for Web services in general.
The parts of the addendum that apply to security are covered throughout
the article. In this section, I want to take a look at two items that
are not specific to security: <b>wsu:Id </b>and <b>wsu:Timestamp</b>. The addendum specifies exactly what these two items do and how they should be used.</p> <h4 class="dtH1">wsu:Id</h4> <p>The <b>Id</b>
attribute uses the XML Schema ID type. This element was added to
simplify processing for Web service intermediaries as well as
receivers. The value of this attribute must not be duplicated elsewhere
in the document. The addendum does not go into more detail about how
the element should be used other than as a unique identifier in GXA
specifications. The door is left wide open to allow other
specifications to restrict the usage of <b>Id</b>. </p> <h4 class="dtH1">wsu:Timestamp</h4> <p>A
common concern in message-oriented systems relates to the timeliness of
data. If the data is too old, it may get thrown out. If two
contradicting messages arrive, the related timestamps may be used to
decide which message gets executed and which one is ignored. To handle
the time-related issues that showed up in WS-Security and that will
show up in other GXA specifications, the <b>wsu:Timestamp </b>element, along with a few helper elements, was defined. </p> <p>The
interesting events in a message's life are the time it was created, the
time the sender wants the message to expire, and the time that the
message was received. By knowing the creation and expiration time, a
receiver can decide if the data is new enough for its own use or if the
data has become so stale that the message should be discarded. The
elements that convey this data are:
</p><ul type="disc"> <li><b>wsu:Created</b>: Contains the time that the message was created.</li> <li><b>wsu:Expires</b>: Set by a sender or intermediary, this identifies when the message expires.</li> <li><b>wsu:Received</b>: Explains when the message was received by a particular intermediary. </li> </ul> <p>All of the above elements may appear independently or as part of a <b>wsu:Timestamp </b>element. Each may contain a <b>wsu:Id</b> attribute to uniquely identify the item. By default, these timestamps express the time as an <b>xs:dateTime</b>
type. To allow flexibility for other, nonstandard time stamps that may
be meaningful in other problem domains, each of these items also
contains an attribute named <b>ValueType</b>. This attribute does not need to appear if the time is expressed as <b>xs:dateTime</b>. </p> <p>The <b>wsu:Received</b> element allows for two extra attributes not found on <b>wsu:Created</b> or <b>wsu:Expires</b>. The element can express the URI of the actor it is related to, using the <b>Actor</b> attribute and the amount of delay, in milliseconds, caused by the actor using the <b>Delay</b> attribute. </p> <p>As I mentioned, you can use the <b>wsu:Received</b>, <b>wsu:Created</b>, and <b>wsu:Expires </b>elements within other structures. For example, it may be common to see the <b>wsu:Created </b>element
to indicate when a particular element was added to the message. When
indicating more information about a message and using more than one of
these elements at a time, the elements can be wrapped inside of a <b>wsu:Timestamp</b>
element. Each of three elements may only appear once within a
timestamp. The timestamp may used on the message as a whole, in which
case it appears as a child of the <b>soap:Header</b> node. For example, a message could indicate it was valid for the next five minutes using the following <b>wsu:Timestamp </b>header. </p> <div class="code" id="ctl00_LibFrame_ctl05_"><div class="CodeSnippetTitleBar"><div class="CodeDisplayLanguage"></div></div><pre class="code" id="ctl00_LibFrame_ctl05" space="preserve">&lt;wsu:Timestamp&gt;
    &lt;wsu:Created wsu:Id=
        "Id-2af5d5bd-1f0c-4365-b7ff-010629a1256c"&gt;
            2002-08-19T16:15:31Z
    &lt;/wsu:Created&gt;
    &lt;wsu:Expires wsu:Id=
        "Id-4c337c65-8ae7-439f-b4f0-d18d7823e240"&gt;
            2002-08-19T16:20:31Z
    &lt;/wsu:Expires&gt;
&lt;/wsu:Timestamp&gt;
</pre></div> <p>At this point, I believe that you have enough
background information to dig into how authentication, signing, and
encryption work with WS-Security. </p> <h3 class="dtH1">Authentication</h3> <p>WS-Security
provides for an infinite number of ways to validate a user. The
specification addresses three methods from that infinite number:
</p><ul type="disc"> <li>Username/Password</li> <li>PKI through X.509 Certificates</li> <li>Kerberos</li> </ul> <p>In
this section, we will look at how each of these authentication methods
works and how that information is encoded into a SOAP message.</p> <h4 class="dtH1">Username/Password</h4> <p>One
of the most common ways to pass around caller credentials is to use a
username and password combination. This is a technique used in HTTP
Basic and Digest authentication. As a matter of fact, if you are
familiar with how HTTP Digest authentication works, you will feel right
at home with this authentication mechanism. To pass user credentials in
this manner, WS-Security has defined the <b>UsernameToken</b> element. Schema for the element is as follows:</p> <div class="code" id="ctl00_LibFrame_ctl06_"><div class="CodeSnippetTitleBar"><div class="CodeDisplayLanguage"></div></div><pre class="code" id="ctl00_LibFrame_ctl06" space="preserve">&lt;xs:element name="UsernameToken"&gt;
    &lt;xs:complexType&gt;
        &lt;xs:sequence&gt;
            &lt;xs:element ref="Username"/&gt;
            &lt;xs:element ref="Password" minOccurs="0"/&gt;
        &lt;/xs:sequence&gt;
        &lt;xs:attribute name="Id" type="xs:ID"/&gt;
        &lt;xs:anyAttribute namespace="##other"/&gt;
    &lt;/xs:complexType&gt;
&lt;/xs:element&gt;
</pre></div> <p>This schema fragment references two other types: <b>Username</b> and <b>Password</b>. These two types are essentially strings that may contain extra attributes as needed. <b>Password</b> contains an attribute named <b>Type</b>
that indicates how the password is being passed around. A password can
be passed as plain text or in digest format. When passing a <b>UsernameToken</b> in a SOAP message, the XML may come across as something like this:</p> <div class="code" id="ctl00_LibFrame_ctl07_"><div class="CodeSnippetTitleBar"><div class="CodeDisplayLanguage"></div></div><pre class="code" id="ctl00_LibFrame_ctl07" space="preserve">&lt;wsse:UsernameToken&gt;
    &lt;wsse:Username&gt;scott&lt;/wsse:Username&gt;
    &lt;wsse:Password Type="wsse:PasswordText"&gt;password&lt;/wsse:Password&gt;
&lt;/wsse:UsernameToken&gt;
</pre></div> <p>What you see here is an example of the password being
sent as plain text. This particular solution looks pretty easy to
break. If you want the password sent in a more secure manner, you can
send it is as a digest hash. </p> <div class="code" id="ctl00_LibFrame_ctl08_"><div class="CodeSnippetTitleBar"><div class="CodeDisplayLanguage"></div></div><pre class="code" id="ctl00_LibFrame_ctl08" space="preserve">&lt;wsse:UsernameToken&gt;
    &lt;wsse:Username&gt;scott&lt;/wsse:Username&gt;
    &lt;wsse:Password Type="wsse:PasswordDigest"&gt;
        KE6QugOpkPyT3Eo0SEgT30W4Keg=&lt;/wsse:Password&gt;
    &lt;wsse:Nonce&gt;5uW4ABku/m6/S5rnE+L7vg==&lt;/wsse:Nonce&gt;
    &lt;wsu:Created xmlns:wsu=
        "http://schemas.xmlsoap.org/ws/2002/07/utility"&gt;
            2002-08-19T00:44:02Z
    &lt;/wsu:Created&gt;
&lt;/wsse:UsernameToken&gt;
</pre></div> <p>This adds a bit more security because the password is
now obscured using a SHA1 hash. The password digest is the
concatenation of the nonce plus the creation time plus the password.
The nonce is 16 bytes long and is passed along as a base64 encoded
value. The way this works is that the client creates the password hash
using all of this information plus the password. The receiver verifies
the data by getting the plain password and creating the hash again. If
the results agree, the password must be correct. This protection does
not protect against replay attacks. If you use it, make sure to also
include a <b>wsu:Timestamp</b> header with a small enough time window for the created and expired values. Then, sign the <b>wsu:Timestamp</b>
elements within the message so that any tampering with the timestamp
can be detected. Otherwise, an attacker could use the complete <b>UsernameToken</b>
to attack your Web service. To defend against a replay attack, you will
also need to include a mechanism that tracks some unique characteristic
of the incoming messages. This mechanism needs to save this
characteristic in a cache for at least the timeout period of the
message. </p> <h4 class="dtH1">X.509 Certificates</h4> <p>Another
option to use when authenticating users is to simply send around an
X.509 certificate. An X.509 certificate tells you exactly who the user
is. Using PKI, you can map the certificate to an existing user in your
application. Using the certificate on its own would make for some
pretty easy replay attacks. As a result, it's a good idea to force the
message sender to also sign the message using their private key. That
way, when the message gets decrypted, you'll know it is really the
user. </p> <p>When a message does send along an X.509 certificate, it
will pass the public version of the certificate in a WS-Security token
named <b>BinarySecurityToken</b>. The certificate itself gets sent along as base64 encoded data. The <b>BinarySecurityToken</b> has the following schema:</p> <div class="code" id="ctl00_LibFrame_ctl09_"><div class="CodeSnippetTitleBar"><div class="CodeDisplayLanguage"></div></div><pre class="code" id="ctl00_LibFrame_ctl09" space="preserve">&lt;xs:element name="BinarySecurityToken"&gt;
    &lt;xs:complexType&gt;
        &lt;xs:simpleContent&gt;
            &lt;xs:extension base="xs:string"&gt;
                &lt;xs:attribute name="Id" type="xs:ID" /&gt;
                &lt;xs:attribute name="ValueType" type="xs:QName" /&gt;
                &lt;xs:attribute name="EncodingType" type="xs:QName" /&gt;
                &lt;xs:anyAttribute namespace="##other" 
                    processContents="strict" /&gt;
            &lt;/xs:extension&gt;
        &lt;/xs:simpleContent&gt;
    &lt;/xs:complexType&gt;
&lt;/xs:element&gt;
</pre></div> <p>At its most basic, this item contains a string, a
unique identifier, and some information indicating what type of value
is included and how it was encoded. The <b>ValueType</b> may be any of the following values, defined by the <b>ValueTypeEnum</b> in the WS-Security schema document:

</p><ul type="disc"> <li><b>wsse:X509v3</b>: An X.509, version 3 certificate.</li> <li><b>wsse:Kerberosv5TGT</b>: A ticket granting ticket as defined by section 5.3.1 of the Kerberos specification. </li> <li><b>wsse:Kerberosv5ST</b>: A service ticket as defined by section 5.3.1 of the Kerberos specification. </li> </ul> <p>If this information on Kerberos doesn't make any sense to you, I'll explain it a little better in the next section. The <b>EncodingType</b>
is another enumeration. If it is set to wsse:Base64Binary or
wsse:HexBinary. As you might guess, this value simply indicates which
encoding method was used. In a WS-Security header, this element would
look something like this when passing an X.509 certificate:</p> <div class="code" id="ctl00_LibFrame_ctl10_"><div class="CodeSnippetTitleBar"><div class="CodeDisplayLanguage"></div></div><pre class="code" id="ctl00_LibFrame_ctl10" space="preserve">&lt;wsse:BinarySecurityToken 
    ValueType="wsse:X509v3" 
    EncodingType="wsse:Base64Binary" 
    Id="SecurityToken-f49bd662-59a0-401a-ab23-1aa12764184f"
&gt;MIIHdjCCB...&lt;/wsse:BinarySecurityToken&gt;
</pre></div> <p>Remember, when you use an X.509 certificate, you want
to do something else as well, such as sign the message. The signature,
created using the certificate's private key, proves that the client is
the rightful owner of the certificate. Such a message could be
replayed. To help mitigate the problems around replays, you would
institute a policy that states how old a message can be before it is
ignored. The time should travel in a <b>wsu:Timestamp</b> element that is shipped as a SOAP Header within the message.  </p> <h4 class="dtH1">Kerberos</h4> <p>To
use Kerberos, a user presents a set of credentials such as
username/password or an X.509 certificate. If everything checks out,
the security system grants the user a ticket granting ticket (TGT). The
TGT is an opaque piece of data that the user cannot read but must
present in order to access other resources. The user will typically
present the TGT in order to get a service ticket (ST). The way the
system works is as follows:
</p><ol type="1"> <li>A client authenticates to a Key Distribution Center (KDC) and is granted a TGT.</li> <li>The client takes the TGT and uses it to access a Ticket Granting Service (TGS). </li> <li>The client requests an ST for a particular network resource. The TGS then issues the ST to the client.</li> <li>The client presents the ST to the network resource and begins accessing the resource with the permissions the ST indicated.</li> </ol> <p>Kerberos
is appealing because it contains a mechanism for the client to prove
their identity to a service and for the service to prove their identity
to the client. The ST is only good for accessing the one network
resource and can be used to discover who the caller is. When presenting
a Kerberos ticket in a message, the data needs to be blindly copied
into the message itself. WS-Security does not explain how a TGT or ST
is obtained. </p> <h3 class="dtH1">Signing</h3> <p>When a message is
signed, it is nearly impossible to tamper with the message. Message
signing does not protect the message itself from external parties
seeing its contents. Using the signature, the receiver of the SOAP
message can know that the signed elements have not changed en route.
You should use XML Signature to sign messages whenever possible. Why?
XML Signature already handles a number of the tougher items to figure
out. WS-Security simply explains how to use signing to prove that the
message has not changed. All three of the authentication mechanisms
mentioned above provides a way to sign the message so that you can be
sure of two things:
</p><ul type="disc"> <li>The user identified by the X.509 certificate, <b>UsernameToken</b>, or Kerberos ticket signed the message.</li> <li>The message has not been tampered with since it was signed.</li> </ul> <p>Each
of the methods provides a secret that can be used to sign the message.
X.509 allows the sender to sign the message using their private key.
Kerberos provides a session key that the sender creates and transmits
in the ticket. Only the intended receiver of that message can read the
ticket, discover the session key, and verify the authenticity of the
signature. Finally, the <b>UsernameToken</b> could be signed using the password. </p> <p>The
signature is generated using XML Signature. To sign a simple message
such as "Hello World," almost every element in the message needs to be
individually signed. <b>wsu:Timestamp </b>presents an interesting problem because an intermediary may add a <b>wsu:Received </b>element to <b>wsu:Timestamp</b>.
Every time an element changes, the signature needs to be updated or
else things won't look right. Why? If the content changes, the
signature should not match. Within a SOAP Message, the signatures and
required extra data add quite a bit of extra information. </p> <h3 class="dtH1">Encryption</h3> <p>There
are times when proving the message sender's identity and showing that
the message was not changed is not enough. If you send a credit card
number or bank account number in a plain-text but signed manner, an
attacker can actually verify that no other attackers have changed the
contents of the message. As a result, they have a high confidence that
the data is valid. That's no good for you, is it? Instead, you'd like
the data encrypted in such a way that only the intended message
recipient can read the message. Anyone watching the wire exchange
should remain oblivious to the contents of the message. As with signing
messages, the WS-Security specification does the right thing and adopts
a standard that already exists and does the job of encryption well.
That's right, they incorporated XML Encryption. </p> <p>When you
encrypt data, you can choose to use either symmetric or asymmetric
encryption. Symmetric encryption requires a shared secret. That is, the
key that is used to encrypt the message is the same key that you would
use to decrypt the message. Symmetric encryption is good if you control
both endpoints and can trust the people and applications that use the
keys. Symmetric encryption does have a problem with key distribution.
At some point in time, the key needs to be sent to the receiver. How do
you do this? Do you ship a disk in the mail or negotiate the key when
it is needed? Both options will work.</p> <p>If you need to send data
using easily distributed keys, look to asymmetric encryption. X.509
certificates allow for this. The endpoint receiving the data can
publicly post its certificate and allow anyone and everyone to encrypt
information using the public key. Only the receiver will know the
private key. Because of this, only the receiver can take the encrypted
data and turn it back into something readable. </p> <p>So, what would
an encrypted message look like? If you are using Triple-DES, both the
sender and receiver would have to exchange the key in some secure
manner. The symmetric key can be hidden inside a Kerberos ticket, or
exchanged out of band. The WS-Security-based message with embedded XML
Encryption information would look something like this:</p> <div class="code" id="ctl00_LibFrame_ctl11_"><div class="CodeSnippetTitleBar"><div class="CodeDisplayLanguage"></div></div><pre class="code" id="ctl00_LibFrame_ctl11" space="preserve">&lt;?xml version="1.0" encoding="utf-8" ?&gt;
&lt;soap:Envelope 
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"&gt;
    &lt;soap:Header    
        xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"
        xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"&gt;
        &lt;wsu:Timestamp&gt;
            &lt;wsu:Created 
                wsu:Id="Id-3beeb885-16a4-4b65-b14c-0cfe6ad26800"
                &gt;2002-08-22T00:26:15Z&lt;/wsu:Created&gt;
            &lt;wsu:Expires 
                wsu:Id="Id-10c46143-cb53-4a8e-9e83-ef374e40aa54"
                &gt;2002-08-22T00:31:15Z&lt;/wsu:Expires&gt;
        &lt;/wsu:Timestamp&gt;
        &lt;wsse:Security soap:mustUnderstand="1" &gt;
            &lt;xenc:ReferenceList&gt;
                &lt;xenc:DataReference 
        URI="#EncryptedContent-f6f50b24-3458-41d3-aac4-390f476f2e51" /&gt;
            &lt;/xenc:ReferenceList&gt;
            &lt;xenc:ReferenceList&gt;
                &lt;xenc:DataReference 
        URI="#EncryptedContent-666b184a-a388-46cc-a9e3-06583b9d43b6" /&gt;
            &lt;/xenc:ReferenceList&gt;
        &lt;/wsse:Security&gt;
    &lt;/soap:Header&gt;
    &lt;soap:Body&gt;
        &lt;xenc:EncryptedData 
            Id="EncryptedContent-f6f50b24-3458-41d3-aac4-390f476f2e51" 
            Type="http://www.w3.org/2001/04/xmlenc#Content"&gt;
            &lt;xenc:EncryptionMethod Algorithm=
                "http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /&gt;
            &lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
                &lt;KeyName&gt;Symmetric Key&lt;/KeyName&gt;
            &lt;/KeyInfo&gt;
            &lt;xenc:CipherData&gt;
                &lt;xenc:CipherValue
                &gt;InmSSXQcBV5UiT...  Y7RVZQqnPpZYMg==&lt;/xenc:CipherValue&gt;
            &lt;/xenc:CipherData&gt;
        &lt;/xenc:EncryptedData&gt;
    &lt;/soap:Body&gt;
&lt;/soap:Envelope&gt;
</pre></div> <p>The preceding message contains information about what
data was encrypted as well as how the encryption was performed. For
anyone who does not have access to the key, the cipher text inside the <b>soap:Body</b> cannot be decrypted. </p> <p>When
performing asymmetric encryption, the private key needs to be known to
the receiver of the message in order to decrypt that message.
Exchanging the public key has to be figured out ahead of time. </p> <h2 class="dtH1"><a name="understw_topic5"><!----></a>Conclusion</h2> <p>WS-Security
allows for a SOAP message to identify the caller, sign the message, and
encrypt message contents. Whenever possible, existing specifications
are reused to reduce the amount of invention required to securely
deliver a SOAP message. Because all of the information is delivered
within the message itself, the message becomes transport neutral. The
message would be secure if it was delivered by HTTP, e-mail, or on
CD-ROM. </p> <h2 class="dtH1"><a name="understw_topic6"><!----></a>Resources</h2> <ul type="disc"> <li><a onclick="javascript:Track('ctl00_LibFrame_ctl00|ctl00_LibFrame_ctl12',this);" href="http://www.w3.org/tr/xml-exc-c14n/">Canonicalization</a></li> <li><a onclick="javascript:Track('ctl00_LibFrame_ctl00|ctl00_LibFrame_ctl13',this);" href="http://www.w3.org/signature/">Signature</a></li> <li><a onclick="javascript:Track('ctl00_LibFrame_ctl00|ctl00_LibFrame_ctl14',this);" href="http://www.w3.org/encryption/2001/">Encryption</a></li> <li><a onclick="javascript:Track('ctl00_LibFrame_ctl00|ctl00_LibFrame_ctl15',this);" href="http://msdn2.microsoft.com/en-us/library/ms951257.aspx">WS-Security Specification</a></li> <li><a onclick="javascript:Track('ctl00_LibFrame_ctl00|ctl00_LibFrame_ctl16',this);" href="http://msdn2.microsoft.com/en-us/library/ms951252.aspx">WS-Security Addendum</a></li> </ul>  </div> </div>
			</div>
                        
                    </div>

                    
                  <br style="clear: both;">
                
		</div>
                <div id="footer">
                

<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody><tr>
	<td id="ctl00_LibFrame_FooterControl1_FooterFadeCell" class="MTPS_FooterFade_msdn">
		<div id="ctl00_LibFrame_FooterControl1_SiteLinks" class="MTPS_FooterLinks_msdn">
			<a onclick="javascript:Track('ctl00_LibFrame_FooterControl1_SiteLinks|ctl00_LibFrame_FooterControl1_LocalFooterLink0',this);" title="Manage Your Profile" href="http://go.microsoft.com/?linkid=317027">Manage Your Profile</a>&nbsp;|&nbsp;<a onclick="javascript:Track('ctl00_LibFrame_FooterControl1_SiteLinks|ctl00_LibFrame_FooterControl1_LocalFooterLink1',this);" title="Legal" href="http://www.microsoft.com/legal/">Legal</a>&nbsp;|&nbsp;<a onclick="javascript:Track('ctl00_LibFrame_FooterControl1_SiteLinks|ctl00_LibFrame_FooterControl1_LocalFooterLink2',this);" title="Contact Us" href="http://go.microsoft.com/?linkid=2028439">Contact Us</a>&nbsp;|&nbsp;<a onclick="javascript:Track('ctl00_LibFrame_FooterControl1_SiteLinks|ctl00_LibFrame_FooterControl1_LocalFooterLink3',this);" title="MSDN Flash Newsletter" href="http://msdn.microsoft.com/flash/">MSDN Flash Newsletter</a>
		</div>
		<span id="ctl00_LibFrame_FooterControl1_MSFT_copyright" title="© 2007  Microsoft Corporation. All rights reserved." class="MTPS_FooterCopyright_msdn">© 2007  Microsoft Corporation. All rights reserved.</span>
		
		<a id="ctl00_LibFrame_FooterControl1_MSFT_Terms" title="Terms of Use" class="MTPS_FooterLinks_msdn" href="http://www.microsoft.com/info/cpyright.mspx">Terms of Use</a>
		&nbsp;|&nbsp;		
		<a id="ctl00_LibFrame_FooterControl1_MSFT_Trademarks" title="Trademarks" class="MTPS_FooterLinks_msdn" href="http://www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx">Trademarks</a>		
		&nbsp;|&nbsp;
		<a id="ctl00_LibFrame_FooterControl1_MSFT_PrivacyStatement" title="Privacy Statement" class="MTPS_FooterLinks_msdn" href="http://www.microsoft.com/info/privacy.mspx">Privacy Statement</a>
	</td>
		
	<td id="ctl00_LibFrame_FooterControl1_FooterLogoCell" class="MTPS_FooterLogo_msdn">
		<img id="ctl00_LibFrame_FooterControl1_MSFT_LOGO" title="Microsoft Corporation" src="ms977327.aspx_files/msdnmslogo.jpg" alt="Microsoft Corporation" style="border-width: 0px;">
	</td>
		
</tr>
</tbody></table>


                </div>
            
	</div>

</div>
<div id="ctl00_LibFrame_overlay" class="OverlayHidden" style="height: 100%; width: 100%;">
	
&nbsp;

</div>

    

<script type="text/javascript">
<!--

WebForm_InitCallback();var ctl00_NavigationTabStrip_ScopeMenu_Data = new Object();
ctl00_NavigationTabStrip_ScopeMenu_Data.disappearAfter = 500;
ctl00_NavigationTabStrip_ScopeMenu_Data.horizontalOffset = -102;
ctl00_NavigationTabStrip_ScopeMenu_Data.verticalOffset = 17;
ctl00_NavigationTabStrip_ScopeMenu_Data.hoverClass = 'ctl00_NavigationTabStrip_ScopeMenu_9 scopeHover';
ctl00_NavigationTabStrip_ScopeMenu_Data.hoverHyperLinkClass = 'ctl00_NavigationTabStrip_ScopeMenu_8 scopeHover';
 RegisterAutoSubmit( 'ctl00_tb1_Flyout_Rating1', 'ctl00_tb1_Flyout_btnSubmit','contentRatingb5931833-d18b-4bde-aed1-6174d061edbbMSDN.10en-us');

// -->
</script>
<script type="text/javascript" language="javascript">
<!--
 function GetContentWnd(){ return parent; } function OnInitPage(){var oWnd = GetContentWnd();} function GetServerData(arg, context){} function OnSave(){ var oWnd = GetContentWnd(); window.external.addFavorite('http://msdn2.microsoft.com/en-us/library/ms977327.aspx', oWnd.document.title ); }

-->
</script>
<script type="text/javascript">
<!--
document.getElementById('ctl00_tb1_Flyout_rtgContainer').title="Click a star and provide feedback";
Sys.Application.initialize();
TFly_Init('ctl00$LocaleManagement$ctl00',0,0,1, 4,60,'LocaleManagementFlyoutStaticHover_msdn','',100,400,'','','');
TFly_Init('ctl00$QuickLinks$ctrlFlyout',0,0,1, 4,60,'QuickLinksFlyoutStaticHover_msdn','',100,400,'','','');
Sys.Application.add_init(function() {
    $create(Microsoft.Mtps.Rendering.Behaviors.Ajax.AutoCompleteBehavior, {"completionInterval":500,"enableCaching":false,"id":"ctl00_NavigationTabStrip_SearchAutoComplete","minimumPrefixLength":4,"serviceMethod":"GetTerms","servicePath":"../../msdn/Controls/TabStrip/TermService.asmx"}, null, null, $get("ctl00_NavigationTabStrip_SearchTextBox"));
});
TFly_Init('ctl00$tb1$Flyout',5,2,1, 4,60,'','',100,400,'','','');
Sys.Application.add_init(function() {
    $create(Microsoft.Mtps.Rendering.Behaviors.Ajax.RatingBehavior, {"CallbackID":"ctl00$tb1$Flyout$Rating1","ClientStateFieldID":"ctl00_tb1_Flyout_Rating1_RatingExtender_ClientState","EmptyStarCssClass":"emptyRatingStar","FilledStarCssClass":"filledRatingStar","id":"ctl00_tb1_Flyout_Rating1_RatingExtender","Rating":2,"StarCssClass":"ratingStar","Tag":"contentRatingb5931833-d18b-4bde-aed1-6174d061edbbMSDN.10en-us","WaitingStarCssClass":"savedRatingStar"}, null, null, $get("ctl00_tb1_Flyout_Rating1"));
});
TFly_Init('ctl00$LibFrame$EyebrowMenu$ctl00',0,-1,-1, 10,5,'statHover','',250,250,'EyeBrowMenuBarSetHeight','','');
TFly_Init('ctl00$LibFrame$EyebrowMenu$ctl01',0,-1,-1, 10,5,'statHover','',250,250,'EyeBrowMenuBarSetHeight','','');
TFly_Init('ctl00$LibFrame$EyebrowMenu$ctl02',0,-1,-1, 10,5,'statHover','',250,250,'EyeBrowMenuBarSetHeight','','');
TFly_Init('ctl00$LibFrame$EyebrowMenu$ctl03',0,-1,-1, 10,5,'statHover','',250,250,'EyeBrowMenuBarSetHeight','','');
TFly_Init('ctl00$LibFrame$EyebrowMenu$ctl04',0,-1,-1, 10,5,'statHover','',250,250,'EyeBrowMenuBarSetHeight','','');
TFly_Init('ctl00$LibFrame$EyebrowMenu$ctl05',0,-1,-1, 10,5,'statHover','',250,250,'EyeBrowMenuBarSetHeight','','');
TFly_Init('ctl00$LibFrame$EyebrowMenu$ctl06',0,-1,-1, 10,5,'statHover','',250,250,'EyeBrowMenuBarSetHeight','','');
var TocPaneNameId = 'ctl00_LibFrame_tocPanel';
var px = 'px';
var browser = window.navigator.appName;
var sDocDir = document.dir;
var sContainerCell = 'ctl00_LibFrame_overlay';
var oContainerCell = null;
var oNavCell = null;
var sNavCell = 'ctl00_LibFrame_tocPanel';
var oSplitterCell = null;
var sSplitterCell = 'ctl00_LibFrame_ResizeSplitter';
var sSplitterCookieX = 0;
var sSplitterDefault = '250px';
var sTmpNavCellWidth = '250px';
var sNameTmpNavCellWidth = sTmpNavCellWidth;
var oContentCell = null;
var sContentCell = 'ctl00_LibFrame_contentPanel';
var winWidth;
var winHeight;
var cookieName = 'tocPanelWidth';
var days = 60;
var isTocCollapsed= false;
var tocOpenCollapseHandler;
// -->
</script>
</form>
    <div style="display: none;"><img src="ms977327.aspx_files/trans_pixel.gif" alt="Page view tracker" border="0" height="0" hspace="0" vspace="0" width="0"></div>
    
<script type="text/javascript">
var gDomain="m.webtrends.com";
var gDcsId="dcsmgru7m99k7mqmgrhudo0k8_8c6m";
var gFpc="WT_FPC";
/*<![CDATA[*/
if(document.cookie.indexOf(gFpc+"=")==-1){document.write("<scr"+"ipt type='text/javascript' src='"+"http"+(window.location.protocol.indexOf('https:')==0?'s':'')+"://"+gDomain+"/"+gDcsId+"/wtid.js"+"'><\/scr"+"ipt>");}
/*]]>*/
</script><script type="text/javascript" src="ms977327.aspx_files/wtid.js"></script>
<script src="ms977327.aspx_files/webtrends.js" type="text/javascript"></script>
<noscript>
<div><img alt="DCSIMG" id="Img1" width="1" height="1"
src="http://m.webtrends.com/dcsmgru7m99k7mqmgrhudo0k8_8c6m/njs.gif?dcsuri=/nojavascript&amp;WT.js=No"
/></div>
</noscript>

</body></html>